diff --git a/apps.yaml b/apps.yaml index 31eb16e50a..350dfb9d19 100644 --- a/apps.yaml +++ b/apps.yaml @@ -314,6 +314,18 @@ appsInfo: dependencies: Prometheus, Grafana, Minio (if no external Object Storage is used), Otel about: Grafana Tempo is an open source, easy-to-use and high-scale distributed tracing backend. Tempo is cost-efficient, requiring only object storage to operate, and is deeply integrated with Grafana, Prometheus, and Loki. integration: APL installs and configures Tempo based on best-practices defaults. By default storage is configured to use the tempo bucket of the local Minio instance. For each team a Grafana agent is installed and configured to enable writes to the Tempo cluster. + thanos: + title: Thanos + appVersion: 0.35.1 + repo: https://github.com/thanos-io/thanos + maintainers: Thanos + relatedLinks: + - https://otomi.io/docs/apps/thanos + - https://thanos.io + license: Apache 2.0 + dependencies: Prometheus, Grafana, Minio (if no external Object Storage is used) + about: Thanos is a tool to set up a Highly Available Prometheus with long-term storage capabilities. + integration: APL installs and configures Thanos using sidecars ans leverages the central object storage configuration. trivy: title: Trivy Operator appVersion: 0.16.4 diff --git a/charts/grafana-dashboards/k8s-teams/deployment.json b/charts/grafana-dashboards/k8s-teams/deployment.json index d1443c8d8f..da71190a18 100644 --- a/charts/grafana-dashboards/k8s-teams/deployment.json +++ b/charts/grafana-dashboards/k8s-teams/deployment.json @@ -3,7 +3,10 @@ "list": [ { "builtIn": 1, - "datasource": "-- Grafana --", + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", @@ -12,7 +15,6 @@ } ] }, - "editable": true, "gnetId": null, "graphTooltip": 0, "id": 13, @@ -28,7 +30,9 @@ "rgba(237, 129, 40, 0.89)", "rgba(50, 172, 45, 0.97)" ], - "datasource": "$datasource", + "datasource": { + "type": "prometheus" + }, "editable": false, "format": "none", "gauge": { @@ -725,10 +729,6 @@ "templating": { "list": [ { - "current": { - "text": "Prometheus-platform", - "value": "Prometheus-platform" - }, "hide": 0, "includeAll": false, "label": null, @@ -737,7 +737,7 @@ "options": [], "query": "prometheus", "refresh": 1, - "regex": "", + "regex": "/^default/", "skipUrlSync": false, "type": "datasource" }, diff --git a/charts/grafana-dashboards/k8s-teams/pods.json b/charts/grafana-dashboards/k8s-teams/pods.json index 2f53ba9e19..095d13fb26 100644 --- a/charts/grafana-dashboards/k8s-teams/pods.json +++ b/charts/grafana-dashboards/k8s-teams/pods.json @@ -440,17 +440,13 @@ "templating": { "list": [ { - "current": { - "text": "Prometheus-platform", - "value": "Prometheus-platform" - }, "hide": 0, "label": null, "name": "datasource", "options": [], "query": "prometheus", "refresh": 1, - "regex": "", + "regex": "/^default/", "type": "datasource" }, { diff --git a/charts/grafana-dashboards/k8s-teams/team-status.json b/charts/grafana-dashboards/k8s-teams/team-status.json index d12154e2dc..20435d7aac 100644 --- a/charts/grafana-dashboards/k8s-teams/team-status.json +++ b/charts/grafana-dashboards/k8s-teams/team-status.json @@ -30,10 +30,7 @@ "panels": [ { "collapsed": false, - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, + "datasource": "$datasource", "gridPos": { "h": 1, "w": 24, @@ -44,10 +41,7 @@ "panels": [], "targets": [ { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, + "datasource": "$datasource", "refId": "A" } ], @@ -725,10 +719,7 @@ }, { "collapsed": false, - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, + "datasource": "$datasource", "gridPos": { "h": 1, "w": 24, @@ -739,10 +730,7 @@ "panels": [], "targets": [ { - "datasource": { - "type": "prometheus", - "uid": "prometheus" - }, + "datasource": "$datasource", "refId": "A" } ], @@ -1238,11 +1226,6 @@ "templating": { "list": [ { - "current": { - "selected": false, - "text": "Prometheus-platform", - "value": "Prometheus-platform" - }, "hide": 0, "includeAll": false, "multi": false, @@ -1251,21 +1234,14 @@ "query": "prometheus", "queryValue": "", "refresh": 1, - "regex": "", + "regex": "/^default/", "skipUrlSync": false, "type": "datasource" }, { "allValue": ".*", - "current": { - "selected": false, - "text": "All", - "value": "$__all" - }, - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, + "current": {}, + "datasource": "$datasource", "definition": "label_values(kube_node_info, cluster)", "hide": 2, "includeAll": true, @@ -1277,7 +1253,7 @@ "refId": "StandardVariableQuery" }, "refresh": 2, - "regex": "/(.*team\\-titan.*)/", + "regex": "/(.*team\\-#TEAM#.*)/", "skipUrlSync": false, "sort": 0, "tagValuesQuery": "", @@ -1296,10 +1272,7 @@ "$__all" ] }, - "datasource": { - "type": "prometheus", - "uid": "$datasource" - }, + "datasource": "$datasource", "definition": "label_values(kube_pod_info{cluster=~\"$cluster\"}, node)", "hide": 2, "includeAll": true, diff --git a/charts/grafana-dashboards/thanos/compact.json b/charts/grafana-dashboards/thanos/compact.json new file mode 100644 index 0000000000..b0f53f004a --- /dev/null +++ b/charts/grafana-dashboards/thanos/compact.json @@ -0,0 +1,1819 @@ +{ + "annotations": { + "list": [ ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows rate of execution for compactions against blocks that are stored in the bucket by compaction resolution.", + "fill": 10, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job, resolution) (rate(thanos_compact_group_compactions_total{job=~\"$job\"}[$__rate_interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "compaction {{job}} {{resolution}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + "error": "#E24D42" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows ratio of errors compared to the total number of executed compactions against blocks that are stored in the bucket.", + "fill": 10, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job) (rate(thanos_compact_group_compactions_failures_total{job=~\"$job\"}[$interval])) / sum by (job) (rate(thanos_compact_group_compactions_total{job=~\"$job\"}[$interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "error", + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Errors", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Group Compaction", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows rate of execution for downsampling against blocks that are stored in the bucket by compaction resolution.", + "fill": 10, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job, resolution) (rate(thanos_compact_downsample_total{job=~\"$job\"}[$__rate_interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "downsample {{job}} {{resolution}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + "error": "#E24D42" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows ratio of errors compared to the total number of executed downsampling against blocks that are stored in the bucket.", + "fill": 10, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job) (rate(thanos_compact_downsample_failed_total{job=~\"$job\"}[$interval])) / sum by (job) (rate(thanos_compact_downsample_total{job=~\"$job\"}[$interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "error", + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Errors", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Downsample", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows rate of execution for removals of blocks if their data is available as part of a block with a higher compaction level.", + "fill": 10, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job) (rate(thanos_compact_garbage_collection_total{job=~\"$job\"}[$__rate_interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "garbage collection {{job}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + "error": "#E24D42" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows ratio of errors compared to the total number of executed garbage collections.", + "fill": 10, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job) (rate(thanos_compact_garbage_collection_failures_total{job=~\"$job\"}[$interval])) / sum by (job) (rate(thanos_compact_garbage_collection_total{job=~\"$job\"}[$interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "error", + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Errors", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows how long has it taken to execute garbage collection in quantiles.", + "fill": 1, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "p99", + "color": "#FA6400", + "fill": 1, + "fillGradient": 1 + }, + { + "alias": "p90", + "color": "#E0B400", + "fill": 1, + "fillGradient": 1 + }, + { + "alias": "p50", + "color": "#37872D", + "fill": 10, + "fillGradient": 0 + } + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.50, sum by (job, le) (rate(thanos_compact_garbage_collection_duration_seconds_bucket{job=~\"$job\"}[$interval]))) * 1", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "p50 {{job}}", + "logBase": 10, + "max": null, + "min": null, + "step": 10 + }, + { + "expr": "histogram_quantile(0.90, sum by (job, le) (rate(thanos_compact_garbage_collection_duration_seconds_bucket{job=~\"$job\"}[$interval]))) * 1", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "p90 {{job}}", + "logBase": 10, + "max": null, + "min": null, + "step": 10 + }, + { + "expr": "histogram_quantile(0.99, sum by (job, le) (rate(thanos_compact_garbage_collection_duration_seconds_bucket{job=~\"$job\"}[$interval]))) * 1", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "p99 {{job}}", + "logBase": 10, + "max": null, + "min": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Duration", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Garbage Collection", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows deletion rate of blocks already marked for deletion.", + "fill": 10, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job) (rate(thanos_compact_blocks_cleaned_total{job=~\"$job\"}[$__rate_interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Blocks cleanup {{job}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Deletion Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows deletion failures rate of blocks already marked for deletion.", + "fill": 1, + "id": 9, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job) (rate(thanos_compact_block_cleanup_failures_total{job=~\"$job\"}[$__rate_interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Blocks cleanup failures {{job}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Deletion Error Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows rate at which blocks are marked for deletion (from GC and retention policy).", + "fill": 1, + "id": 10, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job) (rate(thanos_compact_blocks_marked_for_deletion_total{job=~\"$job\"}[$__rate_interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Blocks marked {{job}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Marking Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Blocks deletion", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows rate of execution for all meta files from blocks in the bucket into the memory.", + "fill": 10, + "id": 11, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job) (rate(thanos_blocks_meta_syncs_total{job=~\"$job\"}[$__rate_interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "sync {{job}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + "error": "#E24D42" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows ratio of errors compared to the total number of executed meta file sync.", + "fill": 10, + "id": 12, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job) (rate(thanos_blocks_meta_sync_failures_total{job=~\"$job\"}[$interval])) / sum by (job) (rate(thanos_blocks_meta_syncs_total{job=~\"$job\"}[$interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "error", + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Errors", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows how long has it taken to execute meta file sync, in quantiles.", + "fill": 1, + "id": 13, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "p99", + "color": "#FA6400", + "fill": 1, + "fillGradient": 1 + }, + { + "alias": "p90", + "color": "#E0B400", + "fill": 1, + "fillGradient": 1 + }, + { + "alias": "p50", + "color": "#37872D", + "fill": 10, + "fillGradient": 0 + } + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.50, sum by (job, le) (rate(thanos_blocks_meta_sync_duration_seconds_bucket{job=~\"$job\"}[$interval]))) * 1", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "p50 {{job}}", + "logBase": 10, + "max": null, + "min": null, + "step": 10 + }, + { + "expr": "histogram_quantile(0.90, sum by (job, le) (rate(thanos_blocks_meta_sync_duration_seconds_bucket{job=~\"$job\"}[$interval]))) * 1", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "p90 {{job}}", + "logBase": 10, + "max": null, + "min": null, + "step": 10 + }, + { + "expr": "histogram_quantile(0.99, sum by (job, le) (rate(thanos_blocks_meta_sync_duration_seconds_bucket{job=~\"$job\"}[$interval]))) * 1", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "p99 {{job}}", + "logBase": 10, + "max": null, + "min": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Duration", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Sync Meta", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows rate of execution for operations against the bucket.", + "fill": 10, + "id": 14, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job, operation) (rate(thanos_objstore_bucket_operations_total{job=~\"$job\"}[$__rate_interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{job}} {{operation}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + "error": "#E24D42" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows ratio of errors compared to the total number of executed operations against the bucket.", + "fill": 10, + "id": 15, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job) (rate(thanos_objstore_bucket_operation_failures_total{job=~\"$job\"}[$interval])) / sum by (job) (rate(thanos_objstore_bucket_operations_total{job=~\"$job\"}[$interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "error", + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Errors", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows how long has it taken to execute operations against the bucket, in quantiles.", + "fill": 1, + "id": 16, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "p99", + "color": "#FA6400", + "fill": 1, + "fillGradient": 1 + }, + { + "alias": "p90", + "color": "#E0B400", + "fill": 1, + "fillGradient": 1 + }, + { + "alias": "p50", + "color": "#37872D", + "fill": 10, + "fillGradient": 0 + } + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.50, sum by (job, le) (rate(thanos_objstore_bucket_operation_duration_seconds_bucket{job=~\"$job\"}[$interval]))) * 1", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "p50 {{job}}", + "logBase": 10, + "max": null, + "min": null, + "step": 10 + }, + { + "expr": "histogram_quantile(0.90, sum by (job, le) (rate(thanos_objstore_bucket_operation_duration_seconds_bucket{job=~\"$job\"}[$interval]))) * 1", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "p90 {{job}}", + "logBase": 10, + "max": null, + "min": null, + "step": 10 + }, + { + "expr": "histogram_quantile(0.99, sum by (job, le) (rate(thanos_objstore_bucket_operation_duration_seconds_bucket{job=~\"$job\"}[$interval]))) * 1", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "p99 {{job}}", + "logBase": 10, + "max": null, + "min": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Duration", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Object Store Operations", + "titleSize": "h6" + }, + { + "collapse": true, + "height": "250px", + "panels": [ + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 17, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "go_memstats_alloc_bytes{job=~\"$job\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "alloc all {{instance}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "go_memstats_heap_alloc_bytes{job=~\"$job\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "alloc heap {{instance}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "rate(go_memstats_alloc_bytes_total{job=~\"$job\"}[30s])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "alloc rate all {{instance}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "rate(go_memstats_heap_alloc_bytes{job=~\"$job\"}[30s])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "alloc rate heap {{instance}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "go_memstats_stack_inuse_bytes{job=~\"$job\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "inuse heap {{instance}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "go_memstats_heap_inuse_bytes{job=~\"$job\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "inuse stack {{instance}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Used", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 18, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "go_goroutines{job=~\"$job\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{instance}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Goroutines", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 19, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "go_gc_duration_seconds{job=~\"$job\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{quantile}} {{instance}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "GC Time Quantiles", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Resources", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "thanos-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "auto": true, + "auto_count": 300, + "auto_min": "10s", + "current": { + "text": "5m", + "value": "5m" + }, + "hide": 0, + "label": "interval", + "name": "interval", + "query": "5m,10m,30m,1h,6h,12h", + "refresh": 2, + "type": "interval" + }, + { + "allValue": null, + "current": { + "text": "all", + "value": "$__all" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": true, + "label": "job", + "multi": false, + "name": "job", + "options": [ ], + "query": "label_values(up{job=~\".*thanos-compact.*\"}, job)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Thanos / Compact", + "uid": "651943d05a8123e32867b4673963f42b", + "version": 0 +} diff --git a/charts/grafana-dashboards/thanos/overview.json b/charts/grafana-dashboards/thanos/overview.json new file mode 100644 index 0000000000..d22b570ec3 --- /dev/null +++ b/charts/grafana-dashboards/thanos/overview.json @@ -0,0 +1,2176 @@ +{ + "annotations": { + "list": [ ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows rate of requests against /query for the given time.", + "fill": 10, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + { + "dashboard": "Thanos / Query", + "includeVars": true, + "keepTime": true, + "title": "Thanos / Query", + "type": "dashboard" + } + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/1../", + "color": "#EAB839" + }, + { + "alias": "/2../", + "color": "#37872D" + }, + { + "alias": "/3../", + "color": "#E0B400" + }, + { + "alias": "/4../", + "color": "#1F60C4" + }, + { + "alias": "/5../", + "color": "#C4162A" + } + ], + "spaceLength": 10, + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job, handler, code) (rate(http_requests_total{handler=\"query\"}[$interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{job}} {{handler}} {{code}}", + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Requests Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + "error": "#E24D42" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows ratio of errors compared to the total number of handled requests against /query.", + "fill": 10, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + { + "dashboard": "Thanos / Query", + "includeVars": true, + "keepTime": true, + "title": "Thanos / Query", + "type": "dashboard" + } + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job, code) (rate(http_requests_total{handler=\"query\",code=~\"5..\"}[$interval])) / ignoring (code) group_left() sum by (job) (rate(http_requests_total{handler=\"query\"}[$interval]))", + "format": "time_series", + "intervalFactor": 2, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Requests Errors", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows how long has it taken to handle requests.", + "fill": 1, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + { + "dashboard": "Thanos / Query", + "includeVars": true, + "keepTime": true, + "title": "Thanos / Query", + "type": "dashboard" + } + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum by (job, le) (rate(http_request_duration_seconds_bucket{handler=\"query\"}[$interval])))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{job}} P99", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + { + "colorMode": "warning", + "fill": true, + "line": true, + "op": "gt", + "value": 0.5, + "yaxis": "left" + }, + { + "colorMode": "critical", + "fill": true, + "line": true, + "op": "gt", + "value": 1, + "yaxis": "left" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "Latency 99th Percentile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Instant Query", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows rate of requests against /query_range for the given time range.", + "fill": 10, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + { + "dashboard": "Thanos / Query", + "includeVars": true, + "keepTime": true, + "title": "Thanos / Query", + "type": "dashboard" + } + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/1../", + "color": "#EAB839" + }, + { + "alias": "/2../", + "color": "#37872D" + }, + { + "alias": "/3../", + "color": "#E0B400" + }, + { + "alias": "/4../", + "color": "#1F60C4" + }, + { + "alias": "/5../", + "color": "#C4162A" + } + ], + "spaceLength": 10, + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job, handler, code) (rate(http_requests_total{handler=\"query_range\"}[$interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{job}} {{handler}} {{code}}", + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Requests Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + "error": "#E24D42" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows ratio of errors compared to the total number of handled requests against /query_range.", + "fill": 10, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + { + "dashboard": "Thanos / Query", + "includeVars": true, + "keepTime": true, + "title": "Thanos / Query", + "type": "dashboard" + } + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job, code) (rate(http_requests_total{handler=\"query_range\",code=~\"5..\"}[$interval])) / ignoring (code) group_left() sum by (job) (rate(http_requests_total{handler=\"query_range\"}[$interval]))", + "format": "time_series", + "intervalFactor": 2, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Requests Errors", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows how long has it taken to handle requests.", + "fill": 1, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + { + "dashboard": "Thanos / Query", + "includeVars": true, + "keepTime": true, + "title": "Thanos / Query", + "type": "dashboard" + } + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum by (job, le) (rate(http_request_duration_seconds_bucket{handler=\"query_range\"}[$interval])))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{job}} P99", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + { + "colorMode": "warning", + "fill": true, + "line": true, + "op": "gt", + "value": 0.5, + "yaxis": "left" + }, + { + "colorMode": "critical", + "fill": true, + "line": true, + "op": "gt", + "value": 1, + "yaxis": "left" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "Latency 99th Percentile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Range Query", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows rate of handled Unary gRPC requests from queriers.", + "fill": 10, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + { + "dashboard": "Thanos / Store", + "includeVars": true, + "keepTime": true, + "title": "Thanos / Store", + "type": "dashboard" + } + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Aborted/", + "color": "#EAB839" + }, + { + "alias": "/AlreadyExists/", + "color": "#37872D" + }, + { + "alias": "/FailedPrecondition/", + "color": "#E0B400" + }, + { + "alias": "/Unimplemented/", + "color": "#E0B400" + }, + { + "alias": "/InvalidArgument/", + "color": "#1F60C4" + }, + { + "alias": "/NotFound/", + "color": "#1F60C4" + }, + { + "alias": "/PermissionDenied/", + "color": "#1F60C4" + }, + { + "alias": "/Unauthenticated/", + "color": "#1F60C4" + }, + { + "alias": "/Canceled/", + "color": "#C4162A" + }, + { + "alias": "/DataLoss/", + "color": "#C4162A" + }, + { + "alias": "/DeadlineExceeded/", + "color": "#C4162A" + }, + { + "alias": "/Internal/", + "color": "#C4162A" + }, + { + "alias": "/OutOfRange/", + "color": "#C4162A" + }, + { + "alias": "/ResourceExhausted/", + "color": "#C4162A" + }, + { + "alias": "/Unavailable/", + "color": "#C4162A" + }, + { + "alias": "/Unknown/", + "color": "#C4162A" + }, + { + "alias": "/OK/", + "color": "#37872D" + }, + { + "alias": "error", + "color": "#C4162A" + } + ], + "spaceLength": 10, + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job, grpc_method, grpc_code) (rate(grpc_server_handled_total{grpc_type=\"unary\"}[$interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{job}} {{grpc_method}} {{grpc_code}}", + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "gRPC (Unary) Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + "error": "#E24D42" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows ratio of errors compared to the total number of handled requests from queriers.", + "fill": 10, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + { + "dashboard": "Thanos / Store", + "includeVars": true, + "keepTime": true, + "title": "Thanos / Store", + "type": "dashboard" + } + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job, grpc_code) (rate(grpc_server_handled_total{grpc_code=~\"Unknown|ResourceExhausted|Internal|Unavailable|DataLoss\",grpc_type=\"unary\"}[$interval])) / ignoring (grpc_code) group_left() sum by (job) (rate(grpc_server_handled_total{grpc_type=\"unary\"}[$interval]))", + "format": "time_series", + "intervalFactor": 2, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "gRPC (Unary) Errors", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows how long has it taken to handle requests from queriers.", + "fill": 1, + "id": 9, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + { + "dashboard": "Thanos / Store", + "includeVars": true, + "keepTime": true, + "title": "Thanos / Store", + "type": "dashboard" + } + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum by (job, le) (rate(grpc_server_handling_seconds_bucket{grpc_type=\"unary\"}[$interval])))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{job}} P99", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + { + "colorMode": "warning", + "fill": true, + "line": true, + "op": "gt", + "value": 0.5, + "yaxis": "left" + }, + { + "colorMode": "critical", + "fill": true, + "line": true, + "op": "gt", + "value": 1, + "yaxis": "left" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "gRPC Latency 99th Percentile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Store", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows rate of handled Unary gRPC requests from queriers.", + "fill": 10, + "id": 10, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + { + "dashboard": "Thanos / Sidecar", + "includeVars": true, + "keepTime": true, + "title": "Thanos / Sidecar", + "type": "dashboard" + } + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Aborted/", + "color": "#EAB839" + }, + { + "alias": "/AlreadyExists/", + "color": "#37872D" + }, + { + "alias": "/FailedPrecondition/", + "color": "#E0B400" + }, + { + "alias": "/Unimplemented/", + "color": "#E0B400" + }, + { + "alias": "/InvalidArgument/", + "color": "#1F60C4" + }, + { + "alias": "/NotFound/", + "color": "#1F60C4" + }, + { + "alias": "/PermissionDenied/", + "color": "#1F60C4" + }, + { + "alias": "/Unauthenticated/", + "color": "#1F60C4" + }, + { + "alias": "/Canceled/", + "color": "#C4162A" + }, + { + "alias": "/DataLoss/", + "color": "#C4162A" + }, + { + "alias": "/DeadlineExceeded/", + "color": "#C4162A" + }, + { + "alias": "/Internal/", + "color": "#C4162A" + }, + { + "alias": "/OutOfRange/", + "color": "#C4162A" + }, + { + "alias": "/ResourceExhausted/", + "color": "#C4162A" + }, + { + "alias": "/Unavailable/", + "color": "#C4162A" + }, + { + "alias": "/Unknown/", + "color": "#C4162A" + }, + { + "alias": "/OK/", + "color": "#37872D" + }, + { + "alias": "error", + "color": "#C4162A" + } + ], + "spaceLength": 10, + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job, grpc_method, grpc_code) (rate(grpc_server_handled_total{grpc_type=\"unary\"}[$interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{job}} {{grpc_method}} {{grpc_code}}", + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "gRPC (Unary) Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + "error": "#E24D42" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows ratio of errors compared to the total number of handled requests from queriers.", + "fill": 10, + "id": 11, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + { + "dashboard": "Thanos / Sidecar", + "includeVars": true, + "keepTime": true, + "title": "Thanos / Sidecar", + "type": "dashboard" + } + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job, grpc_code) (rate(grpc_server_handled_total{grpc_code=~\"Unknown|ResourceExhausted|Internal|Unavailable|DataLoss\",grpc_type=\"unary\"}[$interval])) / ignoring (grpc_code) group_left() sum by (job) (rate(grpc_server_handled_total{grpc_type=\"unary\"}[$interval]))", + "format": "time_series", + "intervalFactor": 2, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "gRPC (Unary) Errors", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows how long has it taken to handle requests from queriers, in quantiles.", + "fill": 1, + "id": 12, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + { + "dashboard": "Thanos / Sidecar", + "includeVars": true, + "keepTime": true, + "title": "Thanos / Sidecar", + "type": "dashboard" + } + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum by (job, le) (rate(grpc_server_handling_seconds_bucket{grpc_type=\"unary\"}[$interval])))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{job}} P99", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + { + "colorMode": "warning", + "fill": true, + "line": true, + "op": "gt", + "value": 0.5, + "yaxis": "left" + }, + { + "colorMode": "critical", + "fill": true, + "line": true, + "op": "gt", + "value": 1, + "yaxis": "left" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "gRPC (Unary) Latency 99th Percentile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Sidecar", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows rate of incoming requests.", + "fill": 10, + "id": 13, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + { + "dashboard": "Thanos / Receive", + "includeVars": true, + "keepTime": true, + "title": "Thanos / Receive", + "type": "dashboard" + } + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/1../", + "color": "#EAB839" + }, + { + "alias": "/2../", + "color": "#37872D" + }, + { + "alias": "/3../", + "color": "#E0B400" + }, + { + "alias": "/4../", + "color": "#1F60C4" + }, + { + "alias": "/5../", + "color": "#C4162A" + } + ], + "spaceLength": 10, + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job, handler, code) (rate(http_requests_total{handler=\"receive\"}[$interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{job}} {{handler}} {{code}}", + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Incoming Requests Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + "error": "#E24D42" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows ratio of errors compared to the total number of handled incoming requests.", + "fill": 10, + "id": 14, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + { + "dashboard": "Thanos / Receive", + "includeVars": true, + "keepTime": true, + "title": "Thanos / Receive", + "type": "dashboard" + } + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job, code) (rate(http_requests_total{handler=\"receive\",code=~\"5..\"}[$interval])) / ignoring (code) group_left() sum by (job) (rate(http_requests_total{handler=\"receive\"}[$interval]))", + "format": "time_series", + "intervalFactor": 2, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Incoming Requests Errors", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows how long has it taken to handle incoming requests.", + "fill": 1, + "id": 15, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + { + "dashboard": "Thanos / Receive", + "includeVars": true, + "keepTime": true, + "title": "Thanos / Receive", + "type": "dashboard" + } + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum by (job, le) (rate(http_request_duration_seconds_bucket{handler=\"receive\"}[$interval])))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{job}} P99", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + { + "colorMode": "warning", + "fill": true, + "line": true, + "op": "gt", + "value": 0.5, + "yaxis": "left" + }, + { + "colorMode": "critical", + "fill": true, + "line": true, + "op": "gt", + "value": 1, + "yaxis": "left" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "Incoming Requests Latency 99th Percentile", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Receive", + "titleSize": "h6" + }, + { + "collapse": true, + "height": "250px", + "panels": [ + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows rate of alerts that successfully sent to alert manager.", + "fill": 10, + "id": 16, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + { + "dashboard": "Thanos / Rule", + "includeVars": true, + "keepTime": true, + "title": "Thanos / Rule", + "type": "dashboard" + } + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job, alertmanager) (rate(thanos_alert_sender_alerts_sent_total{}[$__rate_interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{alertmanager}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Alert Sent Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + "error": "#E24D42" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows ratio of errors compared to the total number of sent alerts.", + "fill": 10, + "id": 17, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + { + "dashboard": "Thanos / Rule", + "includeVars": true, + "keepTime": true, + "title": "Thanos / Rule", + "type": "dashboard" + } + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job) (rate(thanos_alert_sender_errors_total{}[$interval])) / sum by (job) (rate(thanos_alert_sender_alerts_sent_total{}[$interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "error", + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Alert Sent Errors", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows how long has it taken to send alerts to alert manager.", + "fill": 1, + "id": 18, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ + { + "dashboard": "Thanos / Rule", + "includeVars": true, + "keepTime": true, + "title": "Thanos / Rule", + "type": "dashboard" + } + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum by (job, le) (rate(thanos_alert_sender_latency_seconds_bucket{}[$interval])))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{job}} P99", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ + { + "colorMode": "warning", + "fill": true, + "line": true, + "op": "gt", + "value": 0.5, + "yaxis": "left" + }, + { + "colorMode": "critical", + "fill": true, + "line": true, + "op": "gt", + "value": 1, + "yaxis": "left" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "Alert Sent Duration", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Rule", + "titleSize": "h6" + }, + { + "collapse": true, + "height": "250px", + "panels": [ + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows rate of execution for compactions against blocks that are stored in the bucket.", + "fill": 10, + "id": 19, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + { + "dashboard": "Thanos / Compact", + "includeVars": true, + "keepTime": true, + "title": "Thanos / Compact", + "type": "dashboard" + } + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job) (rate(thanos_compact_group_compactions_total{}[$__rate_interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "compaction {{job}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Compaction Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + "error": "#E24D42" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows ratio of errors compared to the total number of executed compactions against blocks that are stored in the bucket.", + "fill": 10, + "id": 20, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ + { + "dashboard": "Thanos / Compact", + "includeVars": true, + "keepTime": true, + "title": "Thanos / Compact", + "type": "dashboard" + } + ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job) (rate(thanos_compact_group_compactions_failures_total{}[$interval])) / sum by (job) (rate(thanos_compact_group_compactions_total{}[$interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "error", + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Compaction Errors", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Compact", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "thanos-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "auto": true, + "auto_count": 300, + "auto_min": "10s", + "current": { + "text": "5m", + "value": "5m" + }, + "hide": 0, + "label": "interval", + "name": "interval", + "query": "5m,10m,30m,1h,6h,12h", + "refresh": 2, + "type": "interval" + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Thanos / Overview", + "uid": "0cb8830a6e957978796729870f560cda", + "version": 0 +} diff --git a/charts/grafana-dashboards/thanos/query.json b/charts/grafana-dashboards/thanos/query.json new file mode 100644 index 0000000000..8a5b27de51 --- /dev/null +++ b/charts/grafana-dashboards/thanos/query.json @@ -0,0 +1,1963 @@ +{ + "annotations": { + "list": [ ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows rate of requests against /query for the given time.", + "fill": 10, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/1../", + "color": "#EAB839" + }, + { + "alias": "/2../", + "color": "#37872D" + }, + { + "alias": "/3../", + "color": "#E0B400" + }, + { + "alias": "/4../", + "color": "#1F60C4" + }, + { + "alias": "/5../", + "color": "#C4162A" + } + ], + "spaceLength": 10, + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job, handler, code) (rate(http_requests_total{job=~\"$job\", handler=\"query\"}[$interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{job}} {{handler}} {{code}}", + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + "error": "#E24D42" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows ratio of errors compared to the total number of handled requests against /query.", + "fill": 10, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job, code) (rate(http_requests_total{job=~\"$job\", handler=\"query\",code=~\"5..\"}[$interval])) / ignoring (code) group_left() sum by (job) (rate(http_requests_total{job=~\"$job\", handler=\"query\"}[$interval]))", + "format": "time_series", + "intervalFactor": 2, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Errors", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows how long has it taken to handle requests in quantiles.", + "fill": 1, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "p99", + "color": "#FA6400", + "fill": 1, + "fillGradient": 1 + }, + { + "alias": "p90", + "color": "#E0B400", + "fill": 1, + "fillGradient": 1 + }, + { + "alias": "p50", + "color": "#37872D", + "fill": 10, + "fillGradient": 0 + } + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.50, sum by (job, le) (rate(http_request_duration_seconds_bucket{job=~\"$job\", handler=\"query\"}[$interval]))) * 1", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "p50 {{job}}", + "logBase": 10, + "max": null, + "min": null, + "step": 10 + }, + { + "expr": "histogram_quantile(0.90, sum by (job, le) (rate(http_request_duration_seconds_bucket{job=~\"$job\", handler=\"query\"}[$interval]))) * 1", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "p90 {{job}}", + "logBase": 10, + "max": null, + "min": null, + "step": 10 + }, + { + "expr": "histogram_quantile(0.99, sum by (job, le) (rate(http_request_duration_seconds_bucket{job=~\"$job\", handler=\"query\"}[$interval]))) * 1", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "p99 {{job}}", + "logBase": 10, + "max": null, + "min": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Duration", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Instant Query API", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows rate of requests against /query_range for the given time range.", + "fill": 10, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/1../", + "color": "#EAB839" + }, + { + "alias": "/2../", + "color": "#37872D" + }, + { + "alias": "/3../", + "color": "#E0B400" + }, + { + "alias": "/4../", + "color": "#1F60C4" + }, + { + "alias": "/5../", + "color": "#C4162A" + } + ], + "spaceLength": 10, + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job, handler, code) (rate(http_requests_total{job=~\"$job\", handler=\"query_range\"}[$interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{job}} {{handler}} {{code}}", + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + "error": "#E24D42" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows ratio of errors compared to the total number of handled requests against /query_range.", + "fill": 10, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job, code) (rate(http_requests_total{job=~\"$job\", handler=\"query_range\",code=~\"5..\"}[$interval])) / ignoring (code) group_left() sum by (job) (rate(http_requests_total{job=~\"$job\", handler=\"query_range\"}[$interval]))", + "format": "time_series", + "intervalFactor": 2, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Errors", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows how long has it taken to handle requests in quantiles.", + "fill": 1, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "p99", + "color": "#FA6400", + "fill": 1, + "fillGradient": 1 + }, + { + "alias": "p90", + "color": "#E0B400", + "fill": 1, + "fillGradient": 1 + }, + { + "alias": "p50", + "color": "#37872D", + "fill": 10, + "fillGradient": 0 + } + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.50, sum by (job, le) (rate(http_request_duration_seconds_bucket{job=~\"$job\", handler=\"query_range\"}[$interval]))) * 1", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "p50 {{job}}", + "logBase": 10, + "max": null, + "min": null, + "step": 10 + }, + { + "expr": "histogram_quantile(0.90, sum by (job, le) (rate(http_request_duration_seconds_bucket{job=~\"$job\", handler=\"query_range\"}[$interval]))) * 1", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "p90 {{job}}", + "logBase": 10, + "max": null, + "min": null, + "step": 10 + }, + { + "expr": "histogram_quantile(0.99, sum by (job, le) (rate(http_request_duration_seconds_bucket{job=~\"$job\", handler=\"query_range\"}[$interval]))) * 1", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "p99 {{job}}", + "logBase": 10, + "max": null, + "min": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Duration", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Range Query API", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows rate of handled Unary gRPC requests from other queriers.", + "fill": 10, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Aborted/", + "color": "#EAB839" + }, + { + "alias": "/AlreadyExists/", + "color": "#37872D" + }, + { + "alias": "/FailedPrecondition/", + "color": "#E0B400" + }, + { + "alias": "/Unimplemented/", + "color": "#E0B400" + }, + { + "alias": "/InvalidArgument/", + "color": "#1F60C4" + }, + { + "alias": "/NotFound/", + "color": "#1F60C4" + }, + { + "alias": "/PermissionDenied/", + "color": "#1F60C4" + }, + { + "alias": "/Unauthenticated/", + "color": "#1F60C4" + }, + { + "alias": "/Canceled/", + "color": "#C4162A" + }, + { + "alias": "/DataLoss/", + "color": "#C4162A" + }, + { + "alias": "/DeadlineExceeded/", + "color": "#C4162A" + }, + { + "alias": "/Internal/", + "color": "#C4162A" + }, + { + "alias": "/OutOfRange/", + "color": "#C4162A" + }, + { + "alias": "/ResourceExhausted/", + "color": "#C4162A" + }, + { + "alias": "/Unavailable/", + "color": "#C4162A" + }, + { + "alias": "/Unknown/", + "color": "#C4162A" + }, + { + "alias": "/OK/", + "color": "#37872D" + }, + { + "alias": "error", + "color": "#C4162A" + } + ], + "spaceLength": 10, + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job, grpc_method, grpc_code) (rate(grpc_client_handled_total{job=~\"$job\", grpc_type=\"unary\"}[$interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{job}} {{grpc_method}} {{grpc_code}}", + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + "error": "#E24D42" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows ratio of errors compared to the total number of handled requests from other queriers.", + "fill": 10, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job, grpc_code) (rate(grpc_client_handled_total{grpc_code=~\"Unknown|ResourceExhausted|Internal|Unavailable|DataLoss\",job=~\"$job\", grpc_type=\"unary\"}[$interval])) / ignoring (grpc_code) group_left() sum by (job) (rate(grpc_client_handled_total{job=~\"$job\", grpc_type=\"unary\"}[$interval]))", + "format": "time_series", + "intervalFactor": 2, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Errors", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows how long has it taken to handle requests from other queriers, in quantiles.", + "fill": 1, + "id": 9, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "p99", + "color": "#FA6400", + "fill": 1, + "fillGradient": 1 + }, + { + "alias": "p90", + "color": "#E0B400", + "fill": 1, + "fillGradient": 1 + }, + { + "alias": "p50", + "color": "#37872D", + "fill": 10, + "fillGradient": 0 + } + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.50, sum by (job, le) (rate(grpc_client_handling_seconds_bucket{job=~\"$job\", grpc_type=\"unary\"}[$interval]))) * 1", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "p50 {{job}}", + "logBase": 10, + "max": null, + "min": null, + "step": 10 + }, + { + "expr": "histogram_quantile(0.90, sum by (job, le) (rate(grpc_client_handling_seconds_bucket{job=~\"$job\", grpc_type=\"unary\"}[$interval]))) * 1", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "p90 {{job}}", + "logBase": 10, + "max": null, + "min": null, + "step": 10 + }, + { + "expr": "histogram_quantile(0.99, sum by (job, le) (rate(grpc_client_handling_seconds_bucket{job=~\"$job\", grpc_type=\"unary\"}[$interval]))) * 1", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "p99 {{job}}", + "logBase": 10, + "max": null, + "min": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Duration", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "gRPC (Unary)", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows rate of handled Streamed gRPC requests from other queriers.", + "fill": 10, + "id": 10, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Aborted/", + "color": "#EAB839" + }, + { + "alias": "/AlreadyExists/", + "color": "#37872D" + }, + { + "alias": "/FailedPrecondition/", + "color": "#E0B400" + }, + { + "alias": "/Unimplemented/", + "color": "#E0B400" + }, + { + "alias": "/InvalidArgument/", + "color": "#1F60C4" + }, + { + "alias": "/NotFound/", + "color": "#1F60C4" + }, + { + "alias": "/PermissionDenied/", + "color": "#1F60C4" + }, + { + "alias": "/Unauthenticated/", + "color": "#1F60C4" + }, + { + "alias": "/Canceled/", + "color": "#C4162A" + }, + { + "alias": "/DataLoss/", + "color": "#C4162A" + }, + { + "alias": "/DeadlineExceeded/", + "color": "#C4162A" + }, + { + "alias": "/Internal/", + "color": "#C4162A" + }, + { + "alias": "/OutOfRange/", + "color": "#C4162A" + }, + { + "alias": "/ResourceExhausted/", + "color": "#C4162A" + }, + { + "alias": "/Unavailable/", + "color": "#C4162A" + }, + { + "alias": "/Unknown/", + "color": "#C4162A" + }, + { + "alias": "/OK/", + "color": "#37872D" + }, + { + "alias": "error", + "color": "#C4162A" + } + ], + "spaceLength": 10, + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job, grpc_method, grpc_code) (rate(grpc_client_handled_total{job=~\"$job\", grpc_type=\"server_stream\"}[$interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{job}} {{grpc_method}} {{grpc_code}}", + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + "error": "#E24D42" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows ratio of errors compared to the total number of handled requests from other queriers.", + "fill": 10, + "id": 11, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job, grpc_code) (rate(grpc_client_handled_total{grpc_code=~\"Unknown|ResourceExhausted|Internal|Unavailable|DataLoss\",job=~\"$job\", grpc_type=\"server_stream\"}[$interval])) / ignoring (grpc_code) group_left() sum by (job) (rate(grpc_client_handled_total{job=~\"$job\", grpc_type=\"server_stream\"}[$interval]))", + "format": "time_series", + "intervalFactor": 2, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Errors", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows how long has it taken to handle requests from other queriers, in quantiles", + "fill": 1, + "id": 12, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "p99", + "color": "#FA6400", + "fill": 1, + "fillGradient": 1 + }, + { + "alias": "p90", + "color": "#E0B400", + "fill": 1, + "fillGradient": 1 + }, + { + "alias": "p50", + "color": "#37872D", + "fill": 10, + "fillGradient": 0 + } + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.50, sum by (job, le) (rate(grpc_client_handling_seconds_bucket{job=~\"$job\", grpc_type=\"server_stream\"}[$interval]))) * 1", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "p50 {{job}}", + "logBase": 10, + "max": null, + "min": null, + "step": 10 + }, + { + "expr": "histogram_quantile(0.90, sum by (job, le) (rate(grpc_client_handling_seconds_bucket{job=~\"$job\", grpc_type=\"server_stream\"}[$interval]))) * 1", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "p90 {{job}}", + "logBase": 10, + "max": null, + "min": null, + "step": 10 + }, + { + "expr": "histogram_quantile(0.99, sum by (job, le) (rate(grpc_client_handling_seconds_bucket{job=~\"$job\", grpc_type=\"server_stream\"}[$interval]))) * 1", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "p99 {{job}}", + "logBase": 10, + "max": null, + "min": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Duration", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "gRPC (Stream)", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows rate of DNS lookups to discover stores.", + "fill": 1, + "id": 13, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 6, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job) (rate(thanos_query_store_apis_dns_lookups_total{job=~\"$job\"}[$interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "lookups {{job}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + "error": "#E24D42" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows ratio of failures compared to the total number of executed DNS lookups.", + "fill": 10, + "id": 14, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 6, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job) (rate(thanos_query_store_apis_dns_failures_total{job=~\"$job\"}[$interval])) / sum by (job) (rate(thanos_query_store_apis_dns_lookups_total{job=~\"$job\"}[$interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "error", + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Errors", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "DNS", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows available capacity of processing queries in parallel.", + "fill": 1, + "id": 15, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "max_over_time(thanos_query_concurrent_gate_queries_max{job=~\"$job\"}[$__rate_interval]) - avg_over_time(thanos_query_concurrent_gate_queries_in_flight{job=~\"$job\"}[$__rate_interval])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{job}} - {{pod}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Concurrent Capacity", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Query Concurrency", + "titleSize": "h6" + }, + { + "collapse": true, + "height": "250px", + "panels": [ + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 16, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "go_memstats_alloc_bytes{job=~\"$job\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "alloc all {{instance}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "go_memstats_heap_alloc_bytes{job=~\"$job\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "alloc heap {{instance}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "rate(go_memstats_alloc_bytes_total{job=~\"$job\"}[30s])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "alloc rate all {{instance}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "rate(go_memstats_heap_alloc_bytes{job=~\"$job\"}[30s])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "alloc rate heap {{instance}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "go_memstats_stack_inuse_bytes{job=~\"$job\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "inuse heap {{instance}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "go_memstats_heap_inuse_bytes{job=~\"$job\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "inuse stack {{instance}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Used", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 17, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "go_goroutines{job=~\"$job\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{instance}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Goroutines", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 18, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "go_gc_duration_seconds{job=~\"$job\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{quantile}} {{instance}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "GC Time Quantiles", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Resources", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "thanos-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "auto": true, + "auto_count": 300, + "auto_min": "10s", + "current": { + "text": "5m", + "value": "5m" + }, + "hide": 0, + "label": "interval", + "name": "interval", + "query": "5m,10m,30m,1h,6h,12h", + "refresh": 2, + "type": "interval" + }, + { + "allValue": null, + "current": { + "text": "all", + "value": "$__all" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": true, + "label": "job", + "multi": false, + "name": "job", + "options": [ ], + "query": "label_values(up{job=~\".*thanos-query.*\"}, job)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Thanos / Query", + "uid": "af36c91291a603f1d9fbdabdd127ac4a", + "version": 0 +} diff --git a/charts/grafana-dashboards/thanos/store.json b/charts/grafana-dashboards/thanos/store.json new file mode 100644 index 0000000000..031c6b58c1 --- /dev/null +++ b/charts/grafana-dashboards/thanos/store.json @@ -0,0 +1,2853 @@ +{ + "annotations": { + "list": [ ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "hideControls": false, + "links": [ ], + "refresh": "10s", + "rows": [ + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows rate of handled Unary gRPC requests from queriers.", + "fill": 10, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Aborted/", + "color": "#EAB839" + }, + { + "alias": "/AlreadyExists/", + "color": "#37872D" + }, + { + "alias": "/FailedPrecondition/", + "color": "#E0B400" + }, + { + "alias": "/Unimplemented/", + "color": "#E0B400" + }, + { + "alias": "/InvalidArgument/", + "color": "#1F60C4" + }, + { + "alias": "/NotFound/", + "color": "#1F60C4" + }, + { + "alias": "/PermissionDenied/", + "color": "#1F60C4" + }, + { + "alias": "/Unauthenticated/", + "color": "#1F60C4" + }, + { + "alias": "/Canceled/", + "color": "#C4162A" + }, + { + "alias": "/DataLoss/", + "color": "#C4162A" + }, + { + "alias": "/DeadlineExceeded/", + "color": "#C4162A" + }, + { + "alias": "/Internal/", + "color": "#C4162A" + }, + { + "alias": "/OutOfRange/", + "color": "#C4162A" + }, + { + "alias": "/ResourceExhausted/", + "color": "#C4162A" + }, + { + "alias": "/Unavailable/", + "color": "#C4162A" + }, + { + "alias": "/Unknown/", + "color": "#C4162A" + }, + { + "alias": "/OK/", + "color": "#37872D" + }, + { + "alias": "error", + "color": "#C4162A" + } + ], + "spaceLength": 10, + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job, grpc_method, grpc_code) (rate(grpc_server_handled_total{job=~\"$job\", grpc_type=\"unary\"}[$interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{job}} {{grpc_method}} {{grpc_code}}", + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + "error": "#E24D42" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows ratio of errors compared to the total number of handled requests from queriers.", + "fill": 10, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job, grpc_code) (rate(grpc_server_handled_total{grpc_code=~\"Unknown|ResourceExhausted|Internal|Unavailable|DataLoss\",job=~\"$job\", grpc_type=\"unary\"}[$interval])) / ignoring (grpc_code) group_left() sum by (job) (rate(grpc_server_handled_total{job=~\"$job\", grpc_type=\"unary\"}[$interval]))", + "format": "time_series", + "intervalFactor": 2, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Errors", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows how long has it taken to handle requests from queriers, in quantiles.", + "fill": 1, + "id": 3, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "p99", + "color": "#FA6400", + "fill": 1, + "fillGradient": 1 + }, + { + "alias": "p90", + "color": "#E0B400", + "fill": 1, + "fillGradient": 1 + }, + { + "alias": "p50", + "color": "#37872D", + "fill": 10, + "fillGradient": 0 + } + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.50, sum by (job, le) (rate(grpc_server_handling_seconds_bucket{job=~\"$job\", grpc_type=\"unary\"}[$interval]))) * 1", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "p50 {{job}}", + "logBase": 10, + "max": null, + "min": null, + "step": 10 + }, + { + "expr": "histogram_quantile(0.90, sum by (job, le) (rate(grpc_server_handling_seconds_bucket{job=~\"$job\", grpc_type=\"unary\"}[$interval]))) * 1", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "p90 {{job}}", + "logBase": 10, + "max": null, + "min": null, + "step": 10 + }, + { + "expr": "histogram_quantile(0.99, sum by (job, le) (rate(grpc_server_handling_seconds_bucket{job=~\"$job\", grpc_type=\"unary\"}[$interval]))) * 1", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "p99 {{job}}", + "logBase": 10, + "max": null, + "min": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Duration", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "gRPC (Unary)", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows rate of handled Streamed gRPC requests from queriers.", + "fill": 10, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/Aborted/", + "color": "#EAB839" + }, + { + "alias": "/AlreadyExists/", + "color": "#37872D" + }, + { + "alias": "/FailedPrecondition/", + "color": "#E0B400" + }, + { + "alias": "/Unimplemented/", + "color": "#E0B400" + }, + { + "alias": "/InvalidArgument/", + "color": "#1F60C4" + }, + { + "alias": "/NotFound/", + "color": "#1F60C4" + }, + { + "alias": "/PermissionDenied/", + "color": "#1F60C4" + }, + { + "alias": "/Unauthenticated/", + "color": "#1F60C4" + }, + { + "alias": "/Canceled/", + "color": "#C4162A" + }, + { + "alias": "/DataLoss/", + "color": "#C4162A" + }, + { + "alias": "/DeadlineExceeded/", + "color": "#C4162A" + }, + { + "alias": "/Internal/", + "color": "#C4162A" + }, + { + "alias": "/OutOfRange/", + "color": "#C4162A" + }, + { + "alias": "/ResourceExhausted/", + "color": "#C4162A" + }, + { + "alias": "/Unavailable/", + "color": "#C4162A" + }, + { + "alias": "/Unknown/", + "color": "#C4162A" + }, + { + "alias": "/OK/", + "color": "#37872D" + }, + { + "alias": "error", + "color": "#C4162A" + } + ], + "spaceLength": 10, + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job, grpc_method, grpc_code) (rate(grpc_server_handled_total{job=~\"$job\", grpc_type=\"server_stream\"}[$interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{job}} {{grpc_method}} {{grpc_code}}", + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + "error": "#E24D42" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows ratio of errors compared to the total number of handled requests from queriers.", + "fill": 10, + "id": 5, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job, grpc_code) (rate(grpc_server_handled_total{grpc_code=~\"Unknown|ResourceExhausted|Internal|Unavailable|DataLoss\",job=~\"$job\", grpc_type=\"server_stream\"}[$interval])) / ignoring (grpc_code) group_left() sum by (job) (rate(grpc_server_handled_total{job=~\"$job\", grpc_type=\"server_stream\"}[$interval]))", + "format": "time_series", + "intervalFactor": 2, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Errors", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows how long has it taken to handle requests from queriers, in quantiles.", + "fill": 1, + "id": 6, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "p99", + "color": "#FA6400", + "fill": 1, + "fillGradient": 1 + }, + { + "alias": "p90", + "color": "#E0B400", + "fill": 1, + "fillGradient": 1 + }, + { + "alias": "p50", + "color": "#37872D", + "fill": 10, + "fillGradient": 0 + } + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.50, sum by (job, le) (rate(grpc_server_handling_seconds_bucket{job=~\"$job\", grpc_type=\"server_stream\"}[$interval]))) * 1", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "p50 {{job}}", + "logBase": 10, + "max": null, + "min": null, + "step": 10 + }, + { + "expr": "histogram_quantile(0.90, sum by (job, le) (rate(grpc_server_handling_seconds_bucket{job=~\"$job\", grpc_type=\"server_stream\"}[$interval]))) * 1", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "p90 {{job}}", + "logBase": 10, + "max": null, + "min": null, + "step": 10 + }, + { + "expr": "histogram_quantile(0.99, sum by (job, le) (rate(grpc_server_handling_seconds_bucket{job=~\"$job\", grpc_type=\"server_stream\"}[$interval]))) * 1", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "p99 {{job}}", + "logBase": 10, + "max": null, + "min": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Duration", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "gRPC (Stream)", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows rate of execution for operations against the bucket.", + "fill": 10, + "id": 7, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job, operation) (rate(thanos_objstore_bucket_operations_total{job=~\"$job\"}[$__rate_interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{job}} {{operation}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows ratio of errors compared to the total number of executed operations against the bucket.", + "fill": 10, + "id": 8, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 4, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job, operation) (rate(thanos_objstore_bucket_operation_failures_total{job=~\"$job\"}[$__rate_interval])) / sum by (job, operation) (rate(thanos_objstore_bucket_operations_total{job=~\"$job\"}[$__rate_interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{job}} {{operation}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Errors", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows how long has it taken to execute operations against the bucket, in quantiles.", + "fill": 1, + "id": 9, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum by (job, operation, le) (rate(thanos_objstore_bucket_operation_duration_seconds_bucket{job=~\"$job\"}[$__rate_interval]))) * 1", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "P99 {{job}}", + "refId": "A", + "step": 10 + }, + { + "expr": "sum by (job, operation) (rate(thanos_objstore_bucket_operation_duration_seconds_sum{job=~\"$job\"}[$__rate_interval])) * 1 / sum by (job, operation) (rate(thanos_objstore_bucket_operation_duration_seconds_count{job=~\"$job\"}[$__rate_interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "mean {{job}}", + "refId": "B", + "step": 10 + }, + { + "expr": "histogram_quantile(0.50, sum by (job, operation, le) (rate(thanos_objstore_bucket_operation_duration_seconds_bucket{job=~\"$job\"}[$__rate_interval]))) * 1", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "P50 {{job}}", + "refId": "C", + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Duration", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Bucket Operations", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows rate of block loads from the bucket.", + "fill": 10, + "id": 10, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 3, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job) (rate(thanos_bucket_store_block_loads_total{job=~\"$job\"}[$__rate_interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "block loads", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Block Load Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + "error": "#E24D42" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows ratio of errors compared to the total number of block loads from the bucket.", + "fill": 10, + "id": 11, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 3, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job) (rate(thanos_bucket_store_block_load_failures_total{job=~\"$job\"}[$interval])) / sum by (job) (rate(thanos_bucket_store_block_loads_total{job=~\"$job\"}[$interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "error", + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Block Load Errors", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows rate of block drops.", + "fill": 10, + "id": 12, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 3, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job, operation) (rate(thanos_bucket_store_block_drops_total{job=~\"$job\"}[$__rate_interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "block drops {{job}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Block Drop Rate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { + "error": "#E24D42" + }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows ratio of errors compared to the total number of block drops.", + "fill": 10, + "id": 13, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 3, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job) (rate(thanos_bucket_store_block_drop_failures_total{job=~\"$job\"}[$interval])) / sum by (job) (rate(thanos_bucket_store_block_drops_total{job=~\"$job\"}[$interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "error", + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Block Drop Errors", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "percentunit", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Block Operations", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Show rate of cache requests.", + "fill": 10, + "id": 14, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 3, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job, item_type) (rate(thanos_store_index_cache_requests_total{job=~\"$job\"}[$__rate_interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{job}} {{item_type}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Requests", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows ratio of errors compared to the total number of cache hits.", + "fill": 10, + "id": 15, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 3, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job, item_type) (rate(thanos_store_index_cache_hits_total{job=~\"$job\"}[$__rate_interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{job}} {{item_type}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Hits", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Show rate of added items to cache.", + "fill": 10, + "id": 16, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 3, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job, item_type) (rate(thanos_store_index_cache_items_added_total{job=~\"$job\"}[$__rate_interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{job}} {{item_type}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Added", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Show rate of evicted items from cache.", + "fill": 10, + "id": 17, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 0, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 3, + "stack": true, + "steppedLine": false, + "targets": [ + { + "expr": "sum by (job, item_type) (rate(thanos_store_index_cache_items_evicted_total{job=~\"$job\"}[$__rate_interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{job}} {{item_type}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Evicted", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Cache Operations", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows size of chunks that have sent to the bucket.", + "fill": 1, + "id": 18, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 12, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum by (job, le) (rate(thanos_bucket_store_sent_chunk_size_bytes_bucket{job=~\"$job\"}[$__rate_interval])))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "P99", + "legendLink": null, + "step": 10 + }, + { + "expr": "sum by (job) (rate(thanos_bucket_store_sent_chunk_size_bytes_sum{job=~\"$job\"}[$__rate_interval])) / sum by (job) (rate(thanos_bucket_store_sent_chunk_size_bytes_count{job=~\"$job\"}[$__rate_interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "mean", + "legendLink": null, + "step": 10 + }, + { + "expr": "histogram_quantile(0.50, sum by (job, le) (rate(thanos_bucket_store_sent_chunk_size_bytes_bucket{job=~\"$job\"}[$__rate_interval])))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "P50", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Chunk Size", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Store Sent", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 19, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum by (le) (rate(thanos_bucket_store_series_blocks_queried{job=~\"$job\"}[$__rate_interval])))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "P99", + "legendLink": null, + "step": 10 + }, + { + "expr": "sum by (job) (rate(thanos_bucket_store_series_blocks_queried_sum{job=~\"$job\"}[$__rate_interval])) / sum by (job) (rate(thanos_bucket_store_series_blocks_queried_count{job=~\"$job\"}[$__rate_interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "mean {{job}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "histogram_quantile(0.50, sum by (le) (rate(thanos_bucket_store_series_blocks_queried{job=~\"$job\"}[$__rate_interval])))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "P50", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Block queried", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Show the size of data fetched", + "fill": 1, + "id": 20, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum by (le) (rate(thanos_bucket_store_series_data_fetched{job=~\"$job\"}[$__rate_interval])))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "P99: {{data_type}} / {{job}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "sum by (job, data_type) (rate(thanos_bucket_store_series_data_fetched_sum{job=~\"$job\"}[$__rate_interval])) / sum by (job, data_type) (rate(thanos_bucket_store_series_data_fetched_count{job=~\"$job\"}[$__rate_interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "mean: {{data_type}} / {{job}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "histogram_quantile(0.50, sum by (le) (rate(thanos_bucket_store_series_data_fetched{job=~\"$job\"}[$__rate_interval])))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "P50: {{data_type}} / {{job}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Data Fetched", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Show the size of data touched", + "fill": 1, + "id": 21, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum by (le) (rate(thanos_bucket_store_series_data_touched{job=~\"$job\"}[$__rate_interval])))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "P99: {{data_type}} / {{job}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "sum by (job, data_type) (rate(thanos_bucket_store_series_data_touched_sum{job=~\"$job\"}[$__rate_interval])) / sum by (job, data_type) (rate(thanos_bucket_store_series_data_touched_count{job=~\"$job\"}[$__rate_interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "mean: {{data_type}} / {{job}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "histogram_quantile(0.50, sum by (le) (rate(thanos_bucket_store_series_data_touched{job=~\"$job\"}[$__rate_interval])))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "P50: {{data_type}} / {{job}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Data Touched", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 22, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 3, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.99, sum by (le) (rate(thanos_bucket_store_series_result_series{job=~\"$job\"}[$__rate_interval])))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "P99", + "legendLink": null, + "step": 10 + }, + { + "expr": "sum by (job) (rate(thanos_bucket_store_series_result_series_sum{job=~\"$job\"}[$__rate_interval])) / sum by (job) (rate(thanos_bucket_store_series_result_series_count{job=~\"$job\"}[$__rate_interval]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "mean {{job}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "histogram_quantile(0.50, sum by (le) (rate(thanos_bucket_store_series_result_series{job=~\"$job\"}[$__rate_interval])))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "P50", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Result series", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Series Operations", + "titleSize": "h6" + }, + { + "collapse": false, + "height": "250px", + "panels": [ + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows how long has it taken to get all series.", + "fill": 1, + "id": 23, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "p99", + "color": "#FA6400", + "fill": 1, + "fillGradient": 1 + }, + { + "alias": "p90", + "color": "#E0B400", + "fill": 1, + "fillGradient": 1 + }, + { + "alias": "p50", + "color": "#37872D", + "fill": 10, + "fillGradient": 0 + } + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.50, sum by (job, le) (rate(thanos_bucket_store_series_get_all_duration_seconds_bucket{job=~\"$job\"}[$interval]))) * 1", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "p50 {{job}}", + "logBase": 10, + "max": null, + "min": null, + "step": 10 + }, + { + "expr": "histogram_quantile(0.90, sum by (job, le) (rate(thanos_bucket_store_series_get_all_duration_seconds_bucket{job=~\"$job\"}[$interval]))) * 1", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "p90 {{job}}", + "logBase": 10, + "max": null, + "min": null, + "step": 10 + }, + { + "expr": "histogram_quantile(0.99, sum by (job, le) (rate(thanos_bucket_store_series_get_all_duration_seconds_bucket{job=~\"$job\"}[$interval]))) * 1", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "p99 {{job}}", + "logBase": 10, + "max": null, + "min": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Get All", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows how long has it taken to merge series.", + "fill": 1, + "id": 24, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "p99", + "color": "#FA6400", + "fill": 1, + "fillGradient": 1 + }, + { + "alias": "p90", + "color": "#E0B400", + "fill": 1, + "fillGradient": 1 + }, + { + "alias": "p50", + "color": "#37872D", + "fill": 10, + "fillGradient": 0 + } + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.50, sum by (job, le) (rate(thanos_bucket_store_series_merge_duration_seconds_bucket{job=~\"$job\"}[$interval]))) * 1", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "p50 {{job}}", + "logBase": 10, + "max": null, + "min": null, + "step": 10 + }, + { + "expr": "histogram_quantile(0.90, sum by (job, le) (rate(thanos_bucket_store_series_merge_duration_seconds_bucket{job=~\"$job\"}[$interval]))) * 1", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "p90 {{job}}", + "logBase": 10, + "max": null, + "min": null, + "step": 10 + }, + { + "expr": "histogram_quantile(0.99, sum by (job, le) (rate(thanos_bucket_store_series_merge_duration_seconds_bucket{job=~\"$job\"}[$interval]))) * 1", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "p99 {{job}}", + "logBase": 10, + "max": null, + "min": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Merge", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "description": "Shows how long has it taken for a series to wait at the gate.", + "fill": 1, + "id": 25, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "p99", + "color": "#FA6400", + "fill": 1, + "fillGradient": 1 + }, + { + "alias": "p90", + "color": "#E0B400", + "fill": 1, + "fillGradient": 1 + }, + { + "alias": "p50", + "color": "#37872D", + "fill": 10, + "fillGradient": 0 + } + ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "histogram_quantile(0.50, sum by (job, le) (rate(thanos_bucket_store_series_gate_duration_seconds_bucket{job=~\"$job\"}[$interval]))) * 1", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "p50 {{job}}", + "logBase": 10, + "max": null, + "min": null, + "step": 10 + }, + { + "expr": "histogram_quantile(0.90, sum by (job, le) (rate(thanos_bucket_store_series_gate_duration_seconds_bucket{job=~\"$job\"}[$interval]))) * 1", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "p90 {{job}}", + "logBase": 10, + "max": null, + "min": null, + "step": 10 + }, + { + "expr": "histogram_quantile(0.99, sum by (job, le) (rate(thanos_bucket_store_series_gate_duration_seconds_bucket{job=~\"$job\"}[$interval]))) * 1", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "p99 {{job}}", + "logBase": 10, + "max": null, + "min": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Gate", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "s", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Series Operation Durations", + "titleSize": "h6" + }, + { + "collapse": true, + "height": "250px", + "panels": [ + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 26, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "go_memstats_alloc_bytes{job=~\"$job\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "alloc all {{instance}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "go_memstats_heap_alloc_bytes{job=~\"$job\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "alloc heap {{instance}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "rate(go_memstats_alloc_bytes_total{job=~\"$job\"}[30s])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "alloc rate all {{instance}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "rate(go_memstats_heap_alloc_bytes{job=~\"$job\"}[30s])", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "alloc rate heap {{instance}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "go_memstats_stack_inuse_bytes{job=~\"$job\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "inuse heap {{instance}}", + "legendLink": null, + "step": 10 + }, + { + "expr": "go_memstats_heap_inuse_bytes{job=~\"$job\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "inuse stack {{instance}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Memory Used", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 27, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "go_goroutines{job=~\"$job\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{instance}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "Goroutines", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "aliasColors": { }, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "id": 28, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [ ], + "nullPointMode": "null as zero", + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ ], + "spaceLength": 10, + "span": 4, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "go_gc_duration_seconds{job=~\"$job\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{quantile}} {{instance}}", + "legendLink": null, + "step": 10 + } + ], + "thresholds": [ ], + "timeFrom": null, + "timeShift": null, + "title": "GC Time Quantiles", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [ ] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "repeat": null, + "repeatIteration": null, + "repeatRowId": null, + "showTitle": true, + "title": "Resources", + "titleSize": "h6" + } + ], + "schemaVersion": 14, + "style": "dark", + "tags": [ + "thanos-mixin" + ], + "templating": { + "list": [ + { + "current": { + "text": "default", + "value": "default" + }, + "hide": 0, + "label": null, + "name": "datasource", + "options": [ ], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "auto": true, + "auto_count": 300, + "auto_min": "10s", + "current": { + "text": "5m", + "value": "5m" + }, + "hide": 0, + "label": "interval", + "name": "interval", + "query": "5m,10m,30m,1h,6h,12h", + "refresh": 2, + "type": "interval" + }, + { + "allValue": null, + "current": { + "text": "all", + "value": "$__all" + }, + "datasource": "$datasource", + "hide": 0, + "includeAll": true, + "label": "job", + "multi": false, + "name": "job", + "options": [ ], + "query": "label_values(up{job=~\".*thanos-store.*\"}, job)", + "refresh": 1, + "regex": "", + "sort": 2, + "tagValuesQuery": "", + "tags": [ ], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "Thanos / Store", + "uid": "e832e8f26403d95fac0ea1c59837588b", + "version": 0 +} diff --git a/charts/grafana-dashboards/values.yaml b/charts/grafana-dashboards/values.yaml index c84c66ff24..54606ca514 100644 --- a/charts/grafana-dashboards/values.yaml +++ b/charts/grafana-dashboards/values.yaml @@ -10,6 +10,7 @@ folders: - trivy - trivy-teams - velero + - thanos sidecar: dashboards: diff --git a/charts/otomi-operator/templates/rbac.yaml b/charts/otomi-operator/templates/rbac.yaml index a8b8dca232..8807c10e12 100644 --- a/charts/otomi-operator/templates/rbac.yaml +++ b/charts/otomi-operator/templates/rbac.yaml @@ -14,6 +14,9 @@ rules: - apiGroups: [""] resources: ["secrets"] verbs: ["get", "watch", "list", "delete", "update", "create", "patch"] +- apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "watch", "list"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/charts/team-ns/templates/netpols/default-istio-service-entries.yaml b/charts/team-ns/templates/netpols/default-istio-service-entries.yaml index e687b4607b..96ea17a62b 100644 --- a/charts/team-ns/templates/netpols/default-istio-service-entries.yaml +++ b/charts/team-ns/templates/netpols/default-istio-service-entries.yaml @@ -2,6 +2,8 @@ {{- $v := .Values | merge (dict) }} {{/* Above merge is a workaround for: https://github.com/helm/helm/issues/9266 */}} {{- $ := . }} +{{- $prometheus := dig "managedMonitoring" "prometheus" false $v }} +{{- $thanos := dig "apps" "thanos" "enabled" false $v }} {{- if (eq $v.teamId "admin") }} --- apiVersion: networking.istio.io/v1alpha3 @@ -18,4 +20,21 @@ spec: protocol: TLS location: MESH_EXTERNAL resolution: DNS +{{- end }} +{{- if and ($prometheus) ($thanos) (eq .Values.obj.provider.type "linode" ) }} +--- +apiVersion: networking.istio.io/v1alpha3 +kind: ServiceEntry +metadata: + name: obj-linode + labels: {{- include "team-ns.chart-labels" $ | nindent 4 }} +spec: + hosts: + - {{ .Values.obj.provider.linode.region }}.linodeobjects.com + ports: + - number: 443 + name: https + protocol: TLS + location: MESH_EXTERNAL + resolution: DNS {{- end }} \ No newline at end of file diff --git a/charts/team-ns/templates/netpols/default-network-policies.yaml b/charts/team-ns/templates/netpols/default-network-policies.yaml index 559052b487..5a07253863 100644 --- a/charts/team-ns/templates/netpols/default-network-policies.yaml +++ b/charts/team-ns/templates/netpols/default-network-policies.yaml @@ -57,6 +57,13 @@ spec: podSelector: matchLabels: app.kubernetes.io/instance: po-prometheus + - from: + - namespaceSelector: + matchLabels: + name: monitoring + podSelector: + matchLabels: + app.kubernetes.io/component: query - from: - namespaceSelector: matchLabels: @@ -107,6 +114,12 @@ spec: podSelector: matchLabels: app.kubernetes.io/name: {{ $v.teamId }}-po-grafana + - namespaceSelector: + matchLabels: + name: monitoring + podSelector: + matchLabels: + app.kubernetes.io/instance: thanos podSelector: matchLabels: app.kubernetes.io/instance: {{ $v.teamId }}-po-prometheus diff --git a/charts/team-ns/templates/servicemonitors/service-monitors.yaml b/charts/team-ns/templates/servicemonitors/service-monitors.yaml index d421d8721c..1e71999166 100644 --- a/charts/team-ns/templates/servicemonitors/service-monitors.yaml +++ b/charts/team-ns/templates/servicemonitors/service-monitors.yaml @@ -1,5 +1,4 @@ {{- $v := .Values | merge (dict) }} -{{- $prometheus := dig "managedMonitoring" "prometheus" false $v }} {{- $alertmng := dig "managedMonitoring" "alertmanager" false $v }} {{- $grafana := dig "managedMonitoring" "grafana" false $v }} {{- if not (eq $v.teamId "admin") }} @@ -27,26 +26,6 @@ spec: release: prometheus-{{ $v.teamId }} {{- end }} --- -{{- if $prometheus }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: - prometheus: system - name: po-prometheus-team-{{ $v.teamId }} -spec: - endpoints: - - path: /metrics - port: http-web - namespaceSelector: - matchNames: - - team-{{ $v.teamId }} - selector: - matchLabels: - app: {{ $v.teamId }}-po-prometheus - release: prometheus-{{ $v.teamId }} -{{- end }} ---- {{- if $grafana }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor diff --git a/charts/team-ns/values.yaml b/charts/team-ns/values.yaml index 7cbfac486b..afc89b6017 100644 --- a/charts/team-ns/values.yaml +++ b/charts/team-ns/values.yaml @@ -16,3 +16,4 @@ selfService: apps: [] service: [] team: [] +obj: {} diff --git a/charts/thanos/.helmignore b/charts/thanos/.helmignore new file mode 100644 index 0000000000..207983f368 --- /dev/null +++ b/charts/thanos/.helmignore @@ -0,0 +1,25 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +# img folder +img/ +# Changelog +CHANGELOG.md diff --git a/charts/thanos/CHANGELOG.md b/charts/thanos/CHANGELOG.md new file mode 100644 index 0000000000..696c24b24a --- /dev/null +++ b/charts/thanos/CHANGELOG.md @@ -0,0 +1,1634 @@ +# Changelog + +## 15.7.15 (2024-07-25) + +* [bitnami/thanos] Release 15.7.15 ([#28508](https://github.com/bitnami/charts/pull/28508)) + +## 15.7.14 (2024-07-24) + +* [bitnami/thanos] Release 15.7.14 (#28386) ([edf6bd2](https://github.com/bitnami/charts/commit/edf6bd206e61401919388afae48c86202c6adc88)), closes [#28386](https://github.com/bitnami/charts/issues/28386) + +## 15.7.13 (2024-07-18) + +* [bitnami/thanos] Global StorageClass as default value (#28103) ([e239a85](https://github.com/bitnami/charts/commit/e239a8575d54acb106885d4861690d037d0ff7dc)), closes [#28103](https://github.com/bitnami/charts/issues/28103) + +## 15.7.12 (2024-07-04) + +* [bitnami/thanos] Release 15.7.12 (#27792) ([f4bd712](https://github.com/bitnami/charts/commit/f4bd7126c3617faa30c875b68a1f974d72c53ca6)), closes [#27792](https://github.com/bitnami/charts/issues/27792) + +## 15.7.11 (2024-07-03) + +* [bitnami/thanos] Release 15.7.11 (#27678) ([a0a34ce](https://github.com/bitnami/charts/commit/a0a34cef1d7537e9f5a1cb457e7bfcf932932b10)), closes [#27678](https://github.com/bitnami/charts/issues/27678) + +## 15.7.10 (2024-06-26) + +* [bitnami/*] Update README changing TAC wording (#27530) ([52dfed6](https://github.com/bitnami/charts/commit/52dfed6bac44d791efabfaf06f15daddc4fefb0c)), closes [#27530](https://github.com/bitnami/charts/issues/27530) +* [bitnami/thanos] Add validation for Thanos receive configuration (#27501) ([fbf31b7](https://github.com/bitnami/charts/commit/fbf31b7dc547003ef016a3ac2ac46f9e89b15245)), closes [#27501](https://github.com/bitnami/charts/issues/27501) + +## 15.7.9 (2024-06-18) + +* [bitnami/thanos] Release 15.7.9 (#27424) ([ef0b51e](https://github.com/bitnami/charts/commit/ef0b51e43f2de5b48901baca609aeac475513d8c)), closes [#27424](https://github.com/bitnami/charts/issues/27424) + +## 15.7.8 (2024-06-18) + +* [bitnami/thanos] fix thanos dual-stack receive monitoring (#27112) ([017b2fb](https://github.com/bitnami/charts/commit/017b2fbec6acfa382a1cf08968b5cb676ba42b8d)), closes [#27112](https://github.com/bitnami/charts/issues/27112) + +## 15.7.7 (2024-06-17) + +* [bitnami/thanos] Release 15.7.7 (#27294) ([7e339f1](https://github.com/bitnami/charts/commit/7e339f15ac83263c386d63e2bf68cfd82fca7deb)), closes [#27294](https://github.com/bitnami/charts/issues/27294) + +## 15.7.6 (2024-06-12) + +* [bitnami/thanos] Fix sharded storegateway cache configs (again) (#27101) ([e6d16b4](https://github.com/bitnami/charts/commit/e6d16b4256f027adbb3610b4e66ee2c05039618f)), closes [#27101](https://github.com/bitnami/charts/issues/27101) + +## 15.7.5 (2024-06-11) + +* [bitnami/thanos] only deploy networkPolicy when component is enabled (#27070) ([1bd3b34](https://github.com/bitnami/charts/commit/1bd3b342399ed142ef26f060f63d058e393435c2)), closes [#27070](https://github.com/bitnami/charts/issues/27070) + +## 15.7.4 (2024-06-11) + +* [bitnami/thanos] Fix sharded storegateway cache configs (#26490) ([54afe30](https://github.com/bitnami/charts/commit/54afe30e41e8f5ec81b8bd0c7e523a9d218bded3)), closes [#26490](https://github.com/bitnami/charts/issues/26490) + +## 15.7.3 (2024-06-10) + +* [bitnami/thanos] add service monitor labels (#26880) ([162d466](https://github.com/bitnami/charts/commit/162d466ef79df488b418ec184952e04615ed8ec6)), closes [#26880](https://github.com/bitnami/charts/issues/26880) + +## 15.7.2 (2024-06-06) + +* [bitnami/thanos] Release 15.7.2 (#27020) ([63e189e](https://github.com/bitnami/charts/commit/63e189e67eca6e03ddeac7957c11f008f2676f91)), closes [#27020](https://github.com/bitnami/charts/issues/27020) + +## 15.7.1 (2024-06-05) + +* [bitnami/thanos] Bump chart version (#26866) ([9f31b0e](https://github.com/bitnami/charts/commit/9f31b0e1c3dfd3d8a4f32e31e89f87a72a65f29b)), closes [#26866](https://github.com/bitnami/charts/issues/26866) + +## 15.7.0 (2024-06-05) + +* [bitnami/thanos] Enable PodDisruptionBudgets (#26709) ([4796dad](https://github.com/bitnami/charts/commit/4796dad161af678c5dbdf04d3ae9d137f9f20ba3)), closes [#26709](https://github.com/bitnami/charts/issues/26709) + +## 15.6.2 (2024-06-05) + +* [bitnami/thanos] Bump chart version (#26808) ([f0b10e8](https://github.com/bitnami/charts/commit/f0b10e83d908b2df59907182615b48ca80b70264)), closes [#26808](https://github.com/bitnami/charts/issues/26808) + +## 15.6.1 (2024-06-05) + +* [bitnami/thanos] Release 15.6.1 (#26755) ([4e3585e](https://github.com/bitnami/charts/commit/4e3585ebd0dbfff61e13c12a529522fa094f8ada)), closes [#26755](https://github.com/bitnami/charts/issues/26755) + +## 15.6.0 (2024-05-31) + +* [bitnami/thanos] Receive, ruler & storegateway statefulsets persistentVolumeClaimRetentionPolicy sup ([c955b0e](https://github.com/bitnami/charts/commit/c955b0e811cdaf59a836e20288f58cf99256db52)), closes [#25676](https://github.com/bitnami/charts/issues/25676) + +## 15.5.1 (2024-05-28) + +* [bitnami/thanos] Release 15.5.1 (#26517) ([06b7586](https://github.com/bitnami/charts/commit/06b7586930c7cd1fefb0e1f4cdd88cd7e8c4655f)), closes [#26517](https://github.com/bitnami/charts/issues/26517) + +## 15.5.0 (2024-05-21) + +* [bitnami/*] ci: :construction_worker: Add tag and changelog support (#25359) ([91c707c](https://github.com/bitnami/charts/commit/91c707c9e4e574725a09505d2d313fb93f1b4c0a)), closes [#25359](https://github.com/bitnami/charts/issues/25359) +* [bitnami/thanos] feat: :sparkles: :lock: Add warning when original images are replaced (#26283) ([2a39de8](https://github.com/bitnami/charts/commit/2a39de8d5c440084763e3b6b7a1f4caa47ef888d)), closes [#26283](https://github.com/bitnami/charts/issues/26283) + +## 15.4.7 (2024-05-18) + +* [bitnami/thanos] Release 15.4.7 updating components versions (#26083) ([e4c2454](https://github.com/bitnami/charts/commit/e4c2454fd6dfe108f30d24dd01ea909d2e306271)), closes [#26083](https://github.com/bitnami/charts/issues/26083) + +## 15.4.6 (2024-05-14) + +* [bitnami/thanos] Release 15.4.6 updating components versions (#25829) ([bf6b3ec](https://github.com/bitnami/charts/commit/bf6b3ec7a3381e13e150e1766a50135a2f3fcb51)), closes [#25829](https://github.com/bitnami/charts/issues/25829) + +## 15.4.5 (2024-05-13) + +* [bitnami/*] Change non-root and rolling-tags doc URLs (#25628) ([b067c94](https://github.com/bitnami/charts/commit/b067c94f6bcde427863c197fd355f0b5ba12ff5b)), closes [#25628](https://github.com/bitnami/charts/issues/25628) +* [bitnami/thanos] Release 15.4.5 updating components versions (#25715) ([41cae24](https://github.com/bitnami/charts/commit/41cae248010a3f6598fca12fa718f60a4752a576)), closes [#25715](https://github.com/bitnami/charts/issues/25715) + +## 15.4.4 (2024-05-08) + +* [bitnami/*] Set new header/owner (#25558) ([8d1dc11](https://github.com/bitnami/charts/commit/8d1dc11f5fb30db6fba50c43d7af59d2f79deed3)), closes [#25558](https://github.com/bitnami/charts/issues/25558) +* [bitnami/thanos] Release 15.4.4 updating components versions (#25622) ([8f47d6a](https://github.com/bitnami/charts/commit/8f47d6a45c779ee6d7f67583a42f61c9358dd53e)), closes [#25622](https://github.com/bitnami/charts/issues/25622) + +## 15.4.3 (2024-05-02) + +* [bitnami/thanos] Release 15.4.3 updating components versions (#25503) ([b63467f](https://github.com/bitnami/charts/commit/b63467f4efcafa31845fab0d40a21084e495fbd5)), closes [#25503](https://github.com/bitnami/charts/issues/25503) + +## 15.4.2 (2024-05-02) + +* correct thanos statefulset-sharded cache config mounts (#25487) ([bb1ece6](https://github.com/bitnami/charts/commit/bb1ece6f1cb4110af1a35ea23bb16e03a76c7595)), closes [#25487](https://github.com/bitnami/charts/issues/25487) + +## 15.4.1 (2024-04-26) + +* [bitnami/thanos] Fix mountPath conflict thanos store (#25384) ([057cc2b](https://github.com/bitnami/charts/commit/057cc2ba3cf3fb6063aa9c6339570154f1446781)), closes [#25384](https://github.com/bitnami/charts/issues/25384) + +## 15.4.0 (2024-04-25) + +* [bitnami/multiple charts] Fix typo: "NetworkPolice" vs "NetworkPolicy" (#25348) ([6970c1b](https://github.com/bitnami/charts/commit/6970c1ba245873506e73d459c6eac1e4919b778f)), closes [#25348](https://github.com/bitnami/charts/issues/25348) +* [bitnami/thanos] Add custom tsdb path (#25334) ([77c4c6f](https://github.com/bitnami/charts/commit/77c4c6f5413609318eceb25effbf8c146a77f460)), closes [#25334](https://github.com/bitnami/charts/issues/25334) +* [bitnami/thanos] Use endpoint group optionally for Store Gateways (#25336) ([e416257](https://github.com/bitnami/charts/commit/e416257ef437af33626c4a1dc94db7b30ba47f64)), closes [#25336](https://github.com/bitnami/charts/issues/25336) +* Replace VMware by Broadcom copyright text (#25306) ([a5e4bd0](https://github.com/bitnami/charts/commit/a5e4bd0e35e419203793976a78d9d0a13de92c76)), closes [#25306](https://github.com/bitnami/charts/issues/25306) + +## 15.3.0 (2024-04-24) + +* [bitnami/thanos] Fix thanos query downstream URL with HTTPS enabled (#25175) ([252c4ef](https://github.com/bitnami/charts/commit/252c4efdb8ef70c4a6cb959a8c5411e92f450fcb)), closes [#25175](https://github.com/bitnami/charts/issues/25175) + +## 15.2.2 (2024-04-24) + +* [bitnami/thanos] Fix thanos checksum annotations (#24737) ([b67cc70](https://github.com/bitnami/charts/commit/b67cc706468a95b5b62160a663c976db159e779a)), closes [#24737](https://github.com/bitnami/charts/issues/24737) + +## 15.2.1 (2024-04-23) + +* [bitnami/thanos] Fix storegateway cache configs (#25242) ([b2b8c91](https://github.com/bitnami/charts/commit/b2b8c91b39e4686fe5732de02cae99301aafda28)), closes [#25242](https://github.com/bitnami/charts/issues/25242) + +## 15.2.0 (2024-04-23) + +* [bitnami/thanos] added pvc labels to thanos-receive (#24934) ([2acf132](https://github.com/bitnami/charts/commit/2acf1327f6de1c44aed228d8e52e78be5d538227)), closes [#24934](https://github.com/bitnami/charts/issues/24934) [#24927](https://github.com/bitnami/charts/issues/24927) + +## 15.1.3 (2024-04-23) + +* [bitnami/thanos] add terminationGracePeriodSeconds (#25315) ([aff45b2](https://github.com/bitnami/charts/commit/aff45b2f5da7e8fac3a634be14912329b72c755b)), closes [#25315](https://github.com/bitnami/charts/issues/25315) + +## 15.1.2 (2024-04-22) + +* [bitnami/thanos] Fix compaction prometheusRule template (#25188) ([05ca034](https://github.com/bitnami/charts/commit/05ca0347906983b7cf060e6db21388b2a9b08b33)), closes [#25188](https://github.com/bitnami/charts/issues/25188) + +## 15.1.1 (2024-04-22) + +* Remove service monitor labels from headless services (#25171) ([38947e0](https://github.com/bitnami/charts/commit/38947e0e76618f8dceb4003c122af347558a7325)), closes [#25171](https://github.com/bitnami/charts/issues/25171) + +## 15.1.0 (2024-04-18) + +* [bitnami/thanos] Allow disabling mTLS for GRPC (#25189) ([a892573](https://github.com/bitnami/charts/commit/a892573536968d4976d4ae948fd9f72eba02cfdb)), closes [#25189](https://github.com/bitnami/charts/issues/25189) + +## 15.0.5 (2024-04-11) + +* fix(thanos): enable Ingress only when component is enabled (#25103) ([f696f8c](https://github.com/bitnami/charts/commit/f696f8c01427d3a6b36e70386caf72503b86bcc1)), closes [#25103](https://github.com/bitnami/charts/issues/25103) + +## 15.0.4 (2024-04-05) + +* [bitnami/thanos] Release 15.0.4 updating components versions (#24978) ([5a26c10](https://github.com/bitnami/charts/commit/5a26c10c6b324121a55f507ce3ef28410022bb2d)), closes [#24978](https://github.com/bitnami/charts/issues/24978) + +## 15.0.3 (2024-04-05) + +* [bitnami/thanos] Release 15.0.3 (#24921) ([273bce4](https://github.com/bitnami/charts/commit/273bce4a89d73f830296a0a411cb608255d19c23)), closes [#24921](https://github.com/bitnami/charts/issues/24921) + +## 15.0.2 (2024-04-03) + +* [bitnami/thanos]Fix: Make prometheus rules reliable with release name (#24655) ([a2a6eab](https://github.com/bitnami/charts/commit/a2a6eabda632d12ded2b2d0959c44aca2b73fab8)), closes [#24655](https://github.com/bitnami/charts/issues/24655) [#24651](https://github.com/bitnami/charts/issues/24651) [#24651](https://github.com/bitnami/charts/issues/24651) +* Update resourcesPreset comments (#24467) ([92e3e8a](https://github.com/bitnami/charts/commit/92e3e8a507326d2a20a8f10ab3e7746a2ec5c554)), closes [#24467](https://github.com/bitnami/charts/issues/24467) + +## 15.0.1 (2024-04-03) + +* [bitnami/thanos] fix: use https for queryURL when ingress is tls (#24456) ([78e9746](https://github.com/bitnami/charts/commit/78e9746c90068202063237103c69a119b8f72dd9)), closes [#24456](https://github.com/bitnami/charts/issues/24456) + +## 15.0.0 (2024-04-02) + +* [bitnami/thanos] feat!: :lock: :boom: Improve security defaults (#24715) ([566b718](https://github.com/bitnami/charts/commit/566b7182ee33991a33a9b16f01ca70f0370d9a49)), closes [#24715](https://github.com/bitnami/charts/issues/24715) + +## 14.0.2 (2024-03-22) + +* [bitnami/*] Reorder Chart sections (#24455) ([0cf4048](https://github.com/bitnami/charts/commit/0cf4048e8743f70a9753d460655bd030cbff6824)), closes [#24455](https://github.com/bitnami/charts/issues/24455) +* [bitnami/thanos] Fix thanos objstoreConfig and storegatewayConfigMap (#24603) ([9a0fece](https://github.com/bitnami/charts/commit/9a0fece43caabdd9fe4de507cf2197945b04ac6d)), closes [#24603](https://github.com/bitnami/charts/issues/24603) + +## 14.0.1 (2024-03-15) + +* [bitnami/thanos] Fine-granted checksum calculation for deployment re-trigger (#24014) ([7469e43](https://github.com/bitnami/charts/commit/7469e4332b74ca204779e1cc78aced092ed2a151)), closes [#24014](https://github.com/bitnami/charts/issues/24014) + +## 14.0.0 (2024-03-15) + +* [bitnami/thanos] Update bundled MinIO (#24477) ([8dbd383](https://github.com/bitnami/charts/commit/8dbd383e946b2d1617088ab6e1374e48ac6b836f)), closes [#24477](https://github.com/bitnami/charts/issues/24477) + +## 13.4.1 (2024-03-07) + +* [bitnami/thanos] Release 13.4.1 updating components versions (#24231) ([57995fd](https://github.com/bitnami/charts/commit/57995fda1955b8522aef555be38a6f32c9cb1bec)), closes [#24231](https://github.com/bitnami/charts/issues/24231) + +## 13.4.0 (2024-03-06) + +* [bitnami/thanos] feat: :sparkles: :lock: Add automatic adaptation for Openshift restricted-v2 SCC (# ([8583f41](https://github.com/bitnami/charts/commit/8583f4143786afcc075da5034aa5c2ec7e15cd04)), closes [#24161](https://github.com/bitnami/charts/issues/24161) + +## 13.3.0 (2024-03-01) + +* [bitnami/thanos] feat: :sparkles: :lock: Add runAsGroup (#23995) ([0011046](https://github.com/bitnami/charts/commit/0011046d93a73e736f7e87a8bd154d85a02818b9)), closes [#23995](https://github.com/bitnami/charts/issues/23995) + +## 13.2.2 (2024-02-22) + +* [bitnami/thanos] Release 13.2.2 updating components versions (#23833) ([4440601](https://github.com/bitnami/charts/commit/4440601576022526f79ff6a465fb49b7466d6d3d)), closes [#23833](https://github.com/bitnami/charts/issues/23833) + +## 13.2.1 (2024-02-21) + +* [bitnami/thanos] Release 13.2.1 updating components versions (#23699) ([e2491f9](https://github.com/bitnami/charts/commit/e2491f9a573e99bd53cc716a532b0bc77b51a30a)), closes [#23699](https://github.com/bitnami/charts/issues/23699) + +## 13.2.0 (2024-02-20) + +* [bitnami/*] Bump all versions (#23602) ([b70ee2a](https://github.com/bitnami/charts/commit/b70ee2a30e4dc256bf0ac52928fb2fa7a70f049b)), closes [#23602](https://github.com/bitnami/charts/issues/23602) + +## 13.1.0 (2024-02-16) + +* [bitnami/thanos] feat: :sparkles: :lock: Add resource preset support (#23527) ([1c268f3](https://github.com/bitnami/charts/commit/1c268f39961df62312784eea2706745609ee709e)), closes [#23527](https://github.com/bitnami/charts/issues/23527) + +## 13.0.0 (2024-02-14) + +* [bitnami/thanos] feat!: :recycle: :lock: Refactor and enable NetworkPolicy by default (#22687) ([89643fd](https://github.com/bitnami/charts/commit/89643fd81ae204769f436ebd8b9c6ccafd8a897c)), closes [#22687](https://github.com/bitnami/charts/issues/22687) + +## 12.23.2 (2024-02-07) + +* [bitnami/thanos] Release 12.23.2 updating components versions (#23279) ([f03c904](https://github.com/bitnami/charts/commit/f03c9046d065ef862ce331c48bd4b6d98962b980)), closes [#23279](https://github.com/bitnami/charts/issues/23279) + +## 12.23.1 (2024-02-03) + +* [bitnami/thanos] Release 12.23.1 updating components versions (#23145) ([7cccb85](https://github.com/bitnami/charts/commit/7cccb85054c219531873a252d65dcf76a5724b13)), closes [#23145](https://github.com/bitnami/charts/issues/23145) + +## 12.23.0 (2024-01-29) + +* [bitnami/thanos] feat: Option to enable ephemeral persistent volume for compactor (#22808) ([055c8ed](https://github.com/bitnami/charts/commit/055c8ede101dfef77e235dbc109f9982dbfa4e4a)), closes [#22808](https://github.com/bitnami/charts/issues/22808) +* [bitnami/thanos] Fix revisionHistoryLimit for thanos storegateway (#22751) ([bc4b1dc](https://github.com/bitnami/charts/commit/bc4b1dcd3ba113f5a1e75b6a65ba522acc241dc5)), closes [#22751](https://github.com/bitnami/charts/issues/22751) + +## 12.22.1 (2024-01-27) + +* [bitnami/thanos] Release 12.22.1 updating components versions (#22803) ([dc6bce1](https://github.com/bitnami/charts/commit/dc6bce1cf0b1087b9512510f2305db1c06bbe38e)), closes [#22803](https://github.com/bitnami/charts/issues/22803) + +## 12.22.0 (2024-01-26) + +* [bitnami/*] Move documentation sections from docs.bitnami.com back to the README (#22203) ([7564f36](https://github.com/bitnami/charts/commit/7564f36ca1e95ff30ee686652b7ab8690561a707)), closes [#22203](https://github.com/bitnami/charts/issues/22203) +* [bitnami/thanos] Add revisionHistoryLimit option for each component (#22698) ([0413c10](https://github.com/bitnami/charts/commit/0413c1076edae7ac3fbeb0f0603d87aab1d82ef9)), closes [#22698](https://github.com/bitnami/charts/issues/22698) + +## 12.21.2 (2024-01-24) + +* [bitnami/thanos] fix: :bug: Set seLinuxOptions to null for Openshift compatibility (#22664) ([38e9c47](https://github.com/bitnami/charts/commit/38e9c47af91e58a55a3b7c180ccb57a144e7d20f)), closes [#22664](https://github.com/bitnami/charts/issues/22664) +* [thanos]: Add labels option for query service GRPC (#22228) ([325f583](https://github.com/bitnami/charts/commit/325f583a3beb40e1c1c45d166a29795fd954d848)), closes [#22228](https://github.com/bitnami/charts/issues/22228) + +## 12.21.1 (2024-01-18) + +* [bitnami/thanos] Release 12.21.1 updating components versions (#22343) ([106af76](https://github.com/bitnami/charts/commit/106af76630710ca7b45f7165de2762c6f30cec5a)), closes [#22343](https://github.com/bitnami/charts/issues/22343) + +## 12.21.0 (2024-01-16) + +* [bitnami/thanos] fix: :lock: Improve podSecurityContext and containerSecurityContext with essential ([c6fc750](https://github.com/bitnami/charts/commit/c6fc75052a88888c73af2e895d1a97665f3aca5d)), closes [#22195](https://github.com/bitnami/charts/issues/22195) + +## 12.20.4 (2024-01-15) + +* [bitnami/thanos] fix: :lock: Do not use the default service account (#22031) ([5ba6305](https://github.com/bitnami/charts/commit/5ba630571f3655e561403e6648cad6f9d82451c2)), closes [#22031](https://github.com/bitnami/charts/issues/22031) + +## 12.20.3 (2024-01-12) + +* [bitnami/*] Fix ref links (in comments) (#21822) ([e4fa296](https://github.com/bitnami/charts/commit/e4fa296106b225cf8c82445727c675c7c725e380)), closes [#21822](https://github.com/bitnami/charts/issues/21822) +* [bitnami/thanos] Release 12.20.3 updating components versions (#22010) ([af1b1c9](https://github.com/bitnami/charts/commit/af1b1c9f529eb50b47ad043b8da5df71b4f6eaa6)), closes [#22010](https://github.com/bitnami/charts/issues/22010) + +## 12.20.2 (2024-01-10) + +* [bitnami/*] Fix docs.bitnami.com broken links (#21901) ([f35506d](https://github.com/bitnami/charts/commit/f35506d2dadee4f097986e7792df1f53ab215b5d)), closes [#21901](https://github.com/bitnami/charts/issues/21901) +* [bitnami/*] Update copyright: Year and company (#21815) ([6c4bf75](https://github.com/bitnami/charts/commit/6c4bf75dec58fc7c9aee9f089777b1a858c17d5b)), closes [#21815](https://github.com/bitnami/charts/issues/21815) +* [bitnami/thanos] Release 12.20.2 updating components versions (#21972) ([d6544fb](https://github.com/bitnami/charts/commit/d6544fb56c081bc2a31ba28e92d39026f8f5d754)), closes [#21972](https://github.com/bitnami/charts/issues/21972) + +## 12.20.1 (2023-12-21) + +* [bitnami/thanos]: Removing replicas in storegateway in sharded mode when autoscaling is enabled (#21 ([fcb2dbb](https://github.com/bitnami/charts/commit/fcb2dbb0a0641d90d8d7f376ca21751253f81bf9)), closes [#21515](https://github.com/bitnami/charts/issues/21515) + +## 12.20.0 (2023-12-19) + +* [bitnami/thanos] Add Configurability for runbookUrl Parameter (#21628) ([83d8843](https://github.com/bitnami/charts/commit/83d8843f90292dbd1e8130cc216f2d70e2a311fa)), closes [#21628](https://github.com/bitnami/charts/issues/21628) + +## 12.19.1 (2023-12-19) + +* [bitnami/thanos] Release 12.19.1 updating components versions (#21645) ([e21d642](https://github.com/bitnami/charts/commit/e21d642701b693661336c30efc3750bf2bfd32b7)), closes [#21645](https://github.com/bitnami/charts/issues/21645) + +## 12.19.0 (2023-12-19) + +* [bitnami/thanos] Add minReadySeconds to Thanos Receive (#21583) ([0c325af](https://github.com/bitnami/charts/commit/0c325af7a1101bac2d1c05f91354208e6095ae69)), closes [#21583](https://github.com/bitnami/charts/issues/21583) + +## 12.18.0 (2023-12-13) + +* [bitnami/thanos] Implement tpl for ingress hostname/extraTls (#21351) ([daa7324](https://github.com/bitnami/charts/commit/daa73246213ebcc2e346e973882b3ef86d6c1a30)), closes [#21351](https://github.com/bitnami/charts/issues/21351) + +## 12.17.0 (2023-12-11) + +* [bitnami/thanos] feat: expose compactor cronjob ttlSecondsAfterFinished (#21411) ([d2a41e2](https://github.com/bitnami/charts/commit/d2a41e2527d3d7fff73aee990bf1fc0f85d2599c)), closes [#21411](https://github.com/bitnami/charts/issues/21411) + +## 12.16.2 (2023-12-07) + +* [bitnami/thanos] Release 12.16.2 updating components versions (#21436) ([f1d93a5](https://github.com/bitnami/charts/commit/f1d93a57c2e6702beb513584c02d01975e97c6e3)), closes [#21436](https://github.com/bitnami/charts/issues/21436) + +## 12.16.1 (2023-11-21) + +* [bitnami/*] Rename solutions to "Bitnami package for ..." (#21038) ([b82f979](https://github.com/bitnami/charts/commit/b82f979e4fb63423fe6e2192c946d09d79c944fc)), closes [#21038](https://github.com/bitnami/charts/issues/21038) +* [bitnami/thanos] Release 12.16.1 updating components versions (#21180) ([1d867ec](https://github.com/bitnami/charts/commit/1d867eccd555c1ceacb35efa2c4e6073da603b93)), closes [#21180](https://github.com/bitnami/charts/issues/21180) + +## 12.16.0 (2023-11-20) + +* [bitnami/*] Remove relative links to non-README sections, add verification for that and update TL;DR ([1103633](https://github.com/bitnami/charts/commit/11036334d82df0490aa4abdb591543cab6cf7d7f)), closes [#20967](https://github.com/bitnami/charts/issues/20967) +* [bitnami/thanos] feat: add generic ephemeral volume option for compactor (#21030) ([5f9344f](https://github.com/bitnami/charts/commit/5f9344fd22a0fda31af0b6f8cff3441faea294f8)), closes [#21030](https://github.com/bitnami/charts/issues/21030) + +## 12.15.0 (2023-11-10) + +* [bitnami/thanos] Automatically apply query-frontend's ingress hostname to alert.queryURL (#20795) ([fe05d92](https://github.com/bitnami/charts/commit/fe05d92bdc633d238cd72a20be9f473d74e5ef82)), closes [#20795](https://github.com/bitnami/charts/issues/20795) + +## 12.14.2 (2023-11-09) + +* [bitnami/thanos] Release 12.14.2 updating components versions (#20831) ([f017cfa](https://github.com/bitnami/charts/commit/f017cfaeb6fd916e62ab36052d83d16779603d84)), closes [#20831](https://github.com/bitnami/charts/issues/20831) + +## 12.14.1 (2023-11-08) + +* [bitnami/thanos] Release 12.14.1 updating components versions (#20788) ([8560811](https://github.com/bitnami/charts/commit/8560811fd597b79f2708029ba83f4c657bf6e026)), closes [#20788](https://github.com/bitnami/charts/issues/20788) + +## 12.14.0 (2023-11-07) + +* [bitnami/thanos] feat: :sparkles: Add support for PSA restricted policy (#20553) ([af354f2](https://github.com/bitnami/charts/commit/af354f22eb682e86100481fe6501f21a63b612fd)), closes [#20553](https://github.com/bitnami/charts/issues/20553) + +## 12.13.13 (2023-10-25) + +* [bitnami/*] Rename VMware Application Catalog (#20361) ([3acc734](https://github.com/bitnami/charts/commit/3acc73472beb6fb56c4d99f929061001205bc57e)), closes [#20361](https://github.com/bitnami/charts/issues/20361) +* [bitnami/*] Skip image's tag in the README files of the Bitnami Charts (#19841) ([bb9a01b](https://github.com/bitnami/charts/commit/bb9a01b65911c87e48318db922cc05eb42785e42)), closes [#19841](https://github.com/bitnami/charts/issues/19841) +* [bitnami/*] Standardize documentation (#19835) ([af5f753](https://github.com/bitnami/charts/commit/af5f7530c1bc8c5ded53a6c4f7b8f384ac1804f2)), closes [#19835](https://github.com/bitnami/charts/issues/19835) +* [bitnami/thanos] Fix dup common labels in the query pdb (#20340) ([f762fd2](https://github.com/bitnami/charts/commit/f762fd262486763abde7ee266c6c8842e2e89e34)), closes [#20340](https://github.com/bitnami/charts/issues/20340) + +## 12.13.12 (2023-10-19) + +* [bitnami/thanos] Release 12.13.12 (#20320) ([71d96f9](https://github.com/bitnami/charts/commit/71d96f9d5195e4e078c44be19af9f75488273342)), closes [#20320](https://github.com/bitnami/charts/issues/20320) + +## 12.13.11 (2023-10-12) + +* [bitnami/thanos] Release 12.13.11 (#20194) ([1071560](https://github.com/bitnami/charts/commit/1071560d20309c22dec92a31bbc0a8fadef4ac61)), closes [#20194](https://github.com/bitnami/charts/issues/20194) + +## 12.13.10 (2023-10-11) + +* [bitnami/thanos] Release 12.13.10 (#20065) ([ff73e64](https://github.com/bitnami/charts/commit/ff73e649429cdc525641ae1896a4c6f533c3024d)), closes [#20065](https://github.com/bitnami/charts/issues/20065) + +## 12.13.9 (2023-10-10) + +* [bitnami/thanos] Release 12.13.9 (#19988) ([23fc196](https://github.com/bitnami/charts/commit/23fc196e2d126b19a5b4f9842c9adcb7082cecf1)), closes [#19988](https://github.com/bitnami/charts/issues/19988) + +## 12.13.8 (2023-10-10) + +* [bitnami/*] Update Helm charts prerequisites (#19745) ([eb755dd](https://github.com/bitnami/charts/commit/eb755dd36a4dd3cf6635be8e0598f9a7f4c4a554)), closes [#19745](https://github.com/bitnami/charts/issues/19745) +* [bitnami/thanos] Release 12.13.8 (#19944) ([0b59eb2](https://github.com/bitnami/charts/commit/0b59eb26cb0d7065ef0e7e2c299b8028e8e5e38a)), closes [#19944](https://github.com/bitnami/charts/issues/19944) + +## 12.13.7 (2023-10-04) + +* [bitnami/thanos] Release 12.13.7 (#19753) ([b2abc7a](https://github.com/bitnami/charts/commit/b2abc7ac688e76039f66ef9dc3eeab717dbb2ada)), closes [#19753](https://github.com/bitnami/charts/issues/19753) + +## 12.13.6 (2023-10-02) + +* [bitnami/thanos] Use common capabilities for PSP (#19641) ([3bcbd9a](https://github.com/bitnami/charts/commit/3bcbd9a642b41cb28529d1a284bcf5db3b3257e7)), closes [#19641](https://github.com/bitnami/charts/issues/19641) + +## 12.13.5 (2023-09-20) + +* [bitnami/thanos] Release 12.13.5 (#19432) ([9a0c3f9](https://github.com/bitnami/charts/commit/9a0c3f91d01811b2b1b101d0e1d6e09fd401834e)), closes [#19432](https://github.com/bitnami/charts/issues/19432) +* Revert "Autogenerate schema files (#19194)" (#19335) ([73d80be](https://github.com/bitnami/charts/commit/73d80be525c88fb4b8a54451a55acd506e337062)), closes [#19194](https://github.com/bitnami/charts/issues/19194) [#19335](https://github.com/bitnami/charts/issues/19335) + +## 12.13.4 (2023-09-18) + +* [bitnami/thanos] Fix line break issue with serviceMonitor selector labels (#19286) ([c4e23e0](https://github.com/bitnami/charts/commit/c4e23e0bed10742dfb4553773630da286c62b453)), closes [#19286](https://github.com/bitnami/charts/issues/19286) +* Autogenerate schema files (#19194) ([a2c2090](https://github.com/bitnami/charts/commit/a2c2090b5ac97f47b745c8028c6452bf99739772)), closes [#19194](https://github.com/bitnami/charts/issues/19194) + +## 12.13.3 (2023-09-08) + +* [bitnami/thanos]: Use merge helper (#19119) ([9f4fe77](https://github.com/bitnami/charts/commit/9f4fe77cbfcb645d8f38a667997a8c3fbe3f6fef)), closes [#19119](https://github.com/bitnami/charts/issues/19119) + +## 12.13.2 (2023-09-06) + +* [bitnami/thanos] Release 12.13.2 (#19134) ([fe00bbb](https://github.com/bitnami/charts/commit/fe00bbbe6724e977dd865c911f1b36b4ba6fac30)), closes [#19134](https://github.com/bitnami/charts/issues/19134) + +## 12.13.1 (2023-09-01) + +* [bitnami/thanos] Release 12.13.1 (#18985) ([35ad4d9](https://github.com/bitnami/charts/commit/35ad4d921eebfbb1386976e77f12bd01f4a96f3f)), closes [#18985](https://github.com/bitnami/charts/issues/18985) + +## 12.13.0 (2023-08-30) + +* bitnami/thanos enable custom secretName for query.ingress and query.ingress.grpc (#18409) ([c78083c](https://github.com/bitnami/charts/commit/c78083c946876f94b4ff66000ac9b503bb20f70a)), closes [#18409](https://github.com/bitnami/charts/issues/18409) + +## 12.12.1 (2023-08-28) + +* [bitnami/thanos] Release 12.12.1 (#18915) ([3edf0a1](https://github.com/bitnami/charts/commit/3edf0a160cfcf5c0601c066787d69446e17b1d91)), closes [#18915](https://github.com/bitnami/charts/issues/18915) + +## 12.12.0 (2023-08-28) + +* [bitnami/thanos] Support for customizing standard labels (#18756) ([065a727](https://github.com/bitnami/charts/commit/065a7279333f6fa4b43617a2b44fb1f25b23a721)), closes [#18756](https://github.com/bitnami/charts/issues/18756) + +## 12.11.4 (2023-08-24) + +* [bitnami/thanos] thanos/receive/ingress.yaml: support custom portName on extraHosts (#17173) ([d81bc2c](https://github.com/bitnami/charts/commit/d81bc2c1f5f84cb04ce5d6b2b42d47317bc54a72)), closes [#17173](https://github.com/bitnami/charts/issues/17173) + +## 12.11.3 (2023-08-23) + +* [bitnami/thanos] Release 12.11.3 (#18820) ([dd716c2](https://github.com/bitnami/charts/commit/dd716c2aec6be2ee3c85ee685fe086f6643cb23c)), closes [#18820](https://github.com/bitnami/charts/issues/18820) + +## 12.11.2 (2023-08-21) + +* [bitnami/thanos] Release 12.11.2 (#18725) ([20ea1e4](https://github.com/bitnami/charts/commit/20ea1e44daf4da3438fbac5f867030d09868315b)), closes [#18725](https://github.com/bitnami/charts/issues/18725) + +## 12.11.1 (2023-08-17) + +* [bitnami/thanos] Release 12.11.1 (#18494) ([29cf2a1](https://github.com/bitnami/charts/commit/29cf2a10467fa864c3471c967b379496e52b2c81)), closes [#18494](https://github.com/bitnami/charts/issues/18494) + +## 12.11.0 (2023-08-09) + +* [bitnami/thanos] Allow customizing the thanos-sidecar's job name in prometheus alerts (#18140) ([7c285a8](https://github.com/bitnami/charts/commit/7c285a8173a3cb572c2f6002dd67b6e08c111c48)), closes [#18140](https://github.com/bitnami/charts/issues/18140) + +## 12.10.1 (2023-07-31) + +* [bitnami/thanos] Add ServiceMonitor labels for receive-headless service (#17685) ([50a6bb3](https://github.com/bitnami/charts/commit/50a6bb3cd0aca85c18aad13968df33d6992fa593)), closes [#17685](https://github.com/bitnami/charts/issues/17685) + +## 12.10.0 (2023-07-31) + +* add dnsPolicy support in query deployment (#17520) ([769740a](https://github.com/bitnami/charts/commit/769740a31b25ff9497ae6ff32d5089a9bfbbceb6)), closes [#17520](https://github.com/bitnami/charts/issues/17520) + +## 12.9.1 (2023-07-26) + +* [bitnami/thanos] Release 12.9.1 (#17960) ([4047bb4](https://github.com/bitnami/charts/commit/4047bb43e957fa3079617b1db6ce7bf9fb470c1d)), closes [#17960](https://github.com/bitnami/charts/issues/17960) + +## 12.9.0 (2023-07-25) + +* [bitnami/thanos] Add support for custom receiver statfulset labels (#17849) ([da889f4](https://github.com/bitnami/charts/commit/da889f4ad3a11b3f60413c5ae0aeec4ec0b358e3)), closes [#17849](https://github.com/bitnami/charts/issues/17849) + +## 12.8.6 (2023-07-19) + +* [bitnami/thanos] Allow template expressions in extraFlags (#17345) ([1cbe931](https://github.com/bitnami/charts/commit/1cbe9317162070c12b0946240fdf5aec22bf536a)), closes [#17345](https://github.com/bitnami/charts/issues/17345) + +## 12.8.5 (2023-07-17) + +* [bitnami/thanos] Release 12.8.5 (#17740) ([2472b4f](https://github.com/bitnami/charts/commit/2472b4fb22d19096a65843e019d7315cd6dd8464)), closes [#17740](https://github.com/bitnami/charts/issues/17740) + +## 12.8.4 (2023-07-13) + +* [bitnami/thanos] Release 12.8.4 (#17682) ([04864c1](https://github.com/bitnami/charts/commit/04864c1c70e7e26e5f70cc7d55c304f9dba5dbb8)), closes [#17682](https://github.com/bitnami/charts/issues/17682) +* Add copyright header (#17300) ([da68be8](https://github.com/bitnami/charts/commit/da68be8e951225133c7dfb572d5101ca3d61c5ae)), closes [#17300](https://github.com/bitnami/charts/issues/17300) +* Fix rule config (#17111) ([df77c5d](https://github.com/bitnami/charts/commit/df77c5d0688254aa0595f58a2967f7ddd353b8df)), closes [#17111](https://github.com/bitnami/charts/issues/17111) + +## 12.8.3 (2023-06-22) + +* [bitnami/thanos] Release 12.8.3 (#17305) ([d8d3b05](https://github.com/bitnami/charts/commit/d8d3b05b2effe97afabe03eb0935fbd518315a6b)), closes [#17305](https://github.com/bitnami/charts/issues/17305) + +## 12.8.2 (2023-06-21) + +* [bitnami/thanos] Release 12.8.2 (#17284) ([ac5606e](https://github.com/bitnami/charts/commit/ac5606ef66aeded0e321ee1d561b0f3f2f7ce133)), closes [#17284](https://github.com/bitnami/charts/issues/17284) +* [bitnami/thanos] Remove namespace field for cluster wide resources (#17260) ([99bad99](https://github.com/bitnami/charts/commit/99bad997c437f58902644dd95c9ca30758f2111d)), closes [#17260](https://github.com/bitnami/charts/issues/17260) +* Update charts readme (#17217) ([31b3c0a](https://github.com/bitnami/charts/commit/31b3c0afd968ff4429107e34101f7509e6a0e913)), closes [#17217](https://github.com/bitnami/charts/issues/17217) + +## 12.8.1 (2023-06-21) + +* [bitnami/thanos] Release 12.8.1 (#17280) ([ad18684](https://github.com/bitnami/charts/commit/ad186841cd225ea9dc98285e2c92039af1b63211)), closes [#17280](https://github.com/bitnami/charts/issues/17280) + +## 12.8.0 (2023-06-20) + +* [bitnami/thanos] Exclude headless services from serviceMonitor (#17118) ([55acf31](https://github.com/bitnami/charts/commit/55acf31b0ec4fadc0dbed77124ddc9a98d2fe625)), closes [#17118](https://github.com/bitnami/charts/issues/17118) + +## 12.7.0 (2023-06-19) + +* [bitnami/thanos] Add labels for Thanos Compactor PVC (#17171) ([0d90bba](https://github.com/bitnami/charts/commit/0d90bba5d33c24b5029603e70d4624aa81f1ec31)), closes [#17171](https://github.com/bitnami/charts/issues/17171) + +## 12.6.3 (2023-06-13) + +* [bitnami/*] Change copyright section in READMEs (#17006) ([ef986a1](https://github.com/bitnami/charts/commit/ef986a1605241102b3dcafe9fd8089e6fc1201ad)), closes [#17006](https://github.com/bitnami/charts/issues/17006) +* [bitnami/several] Change copyright section in READMEs (#16989) ([5b6a5cf](https://github.com/bitnami/charts/commit/5b6a5cfb7625a751848a2e5cd796bd7278f406ca)), closes [#16989](https://github.com/bitnami/charts/issues/16989) +* [bitnami/thanos]: conditionals for compactor cronjob (#16898) ([90b290b](https://github.com/bitnami/charts/commit/90b290bdf4ab9200fa6f307ae4d8f9804b16cce4)), closes [#16898](https://github.com/bitnami/charts/issues/16898) [bitnami/charts#16742](https://github.com/bitnami/charts/issues/16742) + +## 12.6.2 (2023-05-21) + +* [bitnami/thanos] Release 12.6.2 (#16801) ([a8032e6](https://github.com/bitnami/charts/commit/a8032e67b688c07673564a47098e586f4c26c1c6)), closes [#16801](https://github.com/bitnami/charts/issues/16801) + +## 12.6.1 (2023-05-17) + +* [bitnami/thanos] Added support for query-url for Thanos ruler (#16112) ([1f0028b](https://github.com/bitnami/charts/commit/1f0028bb009582b1bddefd1a84533e4b58fd1d63)), closes [#16112](https://github.com/bitnami/charts/issues/16112) +* Add wording for enterprise page (#16560) ([8f22774](https://github.com/bitnami/charts/commit/8f2277440b976d52785ba9149762ad8620a73d1f)), closes [#16560](https://github.com/bitnami/charts/issues/16560) + +## 12.6.0 (2023-05-09) + +* [bitnami/several] Adapt Chart.yaml to set desired OCI annotations (#16546) ([fc9b18f](https://github.com/bitnami/charts/commit/fc9b18f2e98805d4df629acbcde696f44f973344)), closes [#16546](https://github.com/bitnami/charts/issues/16546) + +## 12.5.2 (2023-05-09) + +* [bitnami/thanos] Release 12.5.2 (#16543) ([68ec23f](https://github.com/bitnami/charts/commit/68ec23f1195fb9b171c1c5df874f5791916e4065)), closes [#16543](https://github.com/bitnami/charts/issues/16543) + +## 12.5.1 (2023-05-02) + +* [bitnami/thanos] Release 12.5.1 (#16334) ([9306142](https://github.com/bitnami/charts/commit/930614258356e9de94bbd92bcb549de29b8e4fa8)), closes [#16334](https://github.com/bitnami/charts/issues/16334) + +## 12.5.0 (2023-04-20) + +* [bitnami/*] Make Helm charts 100% OCI (#15998) ([8841510](https://github.com/bitnami/charts/commit/884151035efcbf2e1b3206e7def85511073fb57d)), closes [#15998](https://github.com/bitnami/charts/issues/15998) + +## 12.4.3 (2023-04-18) + +* [bitnami/thanos] Fix autoGenerated GRPC certs by using common CA (#16000) ([9c5b31b](https://github.com/bitnami/charts/commit/9c5b31b1c9963f7c0ca503d4b84211a19581674c)), closes [#16000](https://github.com/bitnami/charts/issues/16000) + +## 12.4.2 (2023-04-03) + +* [bitnami/thanos] Fix dnsConfig in sharded thanos storegateway (#15827) ([d061eac](https://github.com/bitnami/charts/commit/d061eace9f7060e3e565b5d1e2412361017cabf5)), closes [#15827](https://github.com/bitnami/charts/issues/15827) + +## 12.4.1 (2023-04-01) + +* [bitnami/thanos] Release 12.4.1 (#15901) ([76a8472](https://github.com/bitnami/charts/commit/76a8472165a24354b3950c25234363bfcef4bed7)), closes [#15901](https://github.com/bitnami/charts/issues/15901) + +## 12.4.0 (2023-03-28) + +* [bitnami/thanos]: add dnsConfig option (#15694) ([b802b25](https://github.com/bitnami/charts/commit/b802b25a3eed2c72be0373e7bd1bb31a022cf471)), closes [#15694](https://github.com/bitnami/charts/issues/15694) + +## 12.3.2 (2023-03-23) + +* [bitnami/thanos] Release 12.3.2 (#15707) ([9a48a96](https://github.com/bitnami/charts/commit/9a48a9615835ec609a9776767aa4da343404d7c8)), closes [#15707](https://github.com/bitnami/charts/issues/15707) + +## 12.3.1 (2023-03-19) + +* [bitnami/thanos] Release 12.3.1 (#15619) ([3686549](https://github.com/bitnami/charts/commit/3686549bcba1e60b7b0c23b83ee668ff9464e4e0)), closes [#15619](https://github.com/bitnami/charts/issues/15619) + +## 12.3.0 (2023-03-16) + +* [bitnami/thanos] Add HTTPS support to ServiceMonitors (#15397) ([97dbd2b](https://github.com/bitnami/charts/commit/97dbd2b101fa071ee422f53dd16118dfc26e6925)), closes [#15397](https://github.com/bitnami/charts/issues/15397) + +## 12.2.1 (2023-03-13) + +* [bitnami/thanos] Release 12.2.1 (#15482) ([a27ae15](https://github.com/bitnami/charts/commit/a27ae15c24f822c4c3331f97a404918c2f578358)), closes [#15482](https://github.com/bitnami/charts/issues/15482) + +## 12.2.0 (2023-03-10) + +* [bitnami/charts] Apply linter to README files (#15357) ([0e29e60](https://github.com/bitnami/charts/commit/0e29e600d3adc8b1b46e506eccb3decfab3b4e63)), closes [#15357](https://github.com/bitnami/charts/issues/15357) +* [bitnami/thanos] Add support for service.headless.annotations (#15446) ([b5430ea](https://github.com/bitnami/charts/commit/b5430ea0443bc3a88391e8fdcb1e99fcd6bd58e6)), closes [#15446](https://github.com/bitnami/charts/issues/15446) + +## 12.1.2 (2023-03-03) + +* [bitnami/thanos]: Replace deprecated spec.serviceAccount field with spec.serviceAccountName (#15180) ([f9ab87f](https://github.com/bitnami/charts/commit/f9ab87fc5af28ca82e8129a8eb944629254eb72e)), closes [#15180](https://github.com/bitnami/charts/issues/15180) + +## 12.1.1 (2023-03-01) + +* [bitnami/thanos] Release 12.1.1 (#15250) ([a29838b](https://github.com/bitnami/charts/commit/a29838b45b7f7b7c2f7f17769e5d4fb44333b295)), closes [#15250](https://github.com/bitnami/charts/issues/15250) + +## 12.1.0 (2023-02-21) + +* [bitnami/thanos] Compactor cronjob (#14865) ([cae55cf](https://github.com/bitnami/charts/commit/cae55cff430980a4ea505f77a547e03b5b947040)), closes [#14865](https://github.com/bitnami/charts/issues/14865) + +## 12.0.6 (2023-02-17) + +* [bitnami/*] Fix markdown linter issues (#14874) ([a51e0e8](https://github.com/bitnami/charts/commit/a51e0e8d35495b907f3e70dd2f8e7c3bcbf4166a)), closes [#14874](https://github.com/bitnami/charts/issues/14874) +* [bitnami/*] Fix markdown linter issues 2 (#14890) ([aa96572](https://github.com/bitnami/charts/commit/aa9657237ee8df4a46db0d7fdf8a23230dd6902a)), closes [#14890](https://github.com/bitnami/charts/issues/14890) +* [bitnami/*] Remove unexpected extra spaces (#14873) ([c97c714](https://github.com/bitnami/charts/commit/c97c714887380d47eae7bfeff316bf01595ecd1d)), closes [#14873](https://github.com/bitnami/charts/issues/14873) +* [bitnami/thanos] Release 12.0.6 (#15033) ([37e26fb](https://github.com/bitnami/charts/commit/37e26fbc41a0d06c925d61fb99d2a4787343a2ef)), closes [#15033](https://github.com/bitnami/charts/issues/15033) + +## 12.0.5 (2023-02-14) + +* [bitnami/thanos] Add Support for timePartitioning resource management (#14780) ([cd1f358](https://github.com/bitnami/charts/commit/cd1f35885aee9735e9481f9c9dce583b4c888f0c)), closes [#14780](https://github.com/bitnami/charts/issues/14780) +* [bitnami/thanos] Release 12.0.5 (#14866) ([f7cbb4d](https://github.com/bitnami/charts/commit/f7cbb4d358979e21e362f1b919c518e63483d663)), closes [#14866](https://github.com/bitnami/charts/issues/14866) + +## 12.0.4 (2023-02-09) + +* [bitnami/thanos] fix context for statefulset (#14797) ([3a7fa9c](https://github.com/bitnami/charts/commit/3a7fa9c178f0d96c8f8b9fd37577cc6bc48029b5)), closes [#14797](https://github.com/bitnami/charts/issues/14797) +* [bitnami/thanos] Update README (#14217) ([2748063](https://github.com/bitnami/charts/commit/2748063194066a03ee6d00ff147ef342f01afeb0)), closes [#14217](https://github.com/bitnami/charts/issues/14217) + +## 12.0.3 (2023-02-01) + +* fix prometheusRule additionalLabels specification (#14674) ([38f2125](https://github.com/bitnami/charts/commit/38f21259dcd34000d929700f79d1ce27a0b04df5)), closes [#14674](https://github.com/bitnami/charts/issues/14674) + +## 12.0.2 (2023-01-31) + +* [bitnami/*] Change copyright date (#14682) ([add4ec7](https://github.com/bitnami/charts/commit/add4ec701108ac36ed4de2dffbdf407a0d091067)), closes [#14682](https://github.com/bitnami/charts/issues/14682) +* [bitnami/thanos] Release 12.0.2 (#14691) ([e949840](https://github.com/bitnami/charts/commit/e949840a00bf810a714f4ae955fe617f5843e044)), closes [#14691](https://github.com/bitnami/charts/issues/14691) + +## 12.0.1 (2023-01-31) + +* [bitnami/*] Unify READMEs (#14472) ([2064fb8](https://github.com/bitnami/charts/commit/2064fb8dcc78a845cdede8211af8c3cc52551161)), closes [#14472](https://github.com/bitnami/charts/issues/14472) +* [bitnami/thanos] Don't regenerate self-signed certs on upgrade (#14664) ([f627ac2](https://github.com/bitnami/charts/commit/f627ac2d9b895e86a5f959522a858c32048f9338)), closes [#14664](https://github.com/bitnami/charts/issues/14664) +* [bitnami/thanos] Revisit tests (#14343) ([b055f10](https://github.com/bitnami/charts/commit/b055f106923907e2be312dbeaea99d415a63e859)), closes [#14343](https://github.com/bitnami/charts/issues/14343) + +## 12.0.0 (2023-01-19) + +* [bitnami/*] Add license annotation and remove obsolete engine parameter (#14293) ([da2a794](https://github.com/bitnami/charts/commit/da2a7943bae95b6e9b5b4ed972c15e990b69fdb0)), closes [#14293](https://github.com/bitnami/charts/issues/14293) +* [bitnami/*] Change licenses annotation format (#14377) ([0ab7608](https://github.com/bitnami/charts/commit/0ab760862c660fcc78cffadf8e1d8cdd70881473)), closes [#14377](https://github.com/bitnami/charts/issues/14377) +* [bitnami/thanos] Update MinIO subchart (#14448) ([50be8c9](https://github.com/bitnami/charts/commit/50be8c9df710e15a99224cc5e3a4fb8f8e85e994)), closes [#14448](https://github.com/bitnami/charts/issues/14448) + +## 11.6.8 (2023-01-04) + +* [bitnami/thanos] Release 11.6.8 (#14187) ([a2a28b2](https://github.com/bitnami/charts/commit/a2a28b2fa923fe963c3e4268d93940340de8204d)), closes [#14187](https://github.com/bitnami/charts/issues/14187) + +## 11.6.7 (2023-01-03) + +* [bitnami/thanos] Release 11.6.7 (#14170) ([d1d592d](https://github.com/bitnami/charts/commit/d1d592df3c3aa574c7722e2ac2f5946aa9d05595)), closes [#14170](https://github.com/bitnami/charts/issues/14170) + +## 11.6.6 (2022-12-26) + +* [bitnami/thanos] Release 11.6.6 (#14097) ([804c53c](https://github.com/bitnami/charts/commit/804c53c20884cd0a523e960ee8920d452ec99783)), closes [#14097](https://github.com/bitnami/charts/issues/14097) + +## 11.6.5 (2022-12-14) + +* [bitnami/thanos] Fix typo in chart values comments (#13933) ([4255d8f](https://github.com/bitnami/charts/commit/4255d8f137dd2d32536553f1d3d2ca9b9f75b181)), closes [#13933](https://github.com/bitnami/charts/issues/13933) + +## 11.6.4 (2022-11-29) + +* [bitnami/thanos] Release 11.6.4 (#13686) ([71f999e](https://github.com/bitnami/charts/commit/71f999e85d3fecce123a29e957b5dd87921651e4)), closes [#13686](https://github.com/bitnami/charts/issues/13686) +* [bitnami/thanos] update PrometheusRule names to be unique (#13610) ([b57dada](https://github.com/bitnami/charts/commit/b57dadad7f9200434783c1c84c45cdadddc31b8d)), closes [#13610](https://github.com/bitnami/charts/issues/13610) + +## 11.6.3 (2022-11-24) + +* [bitnami/thanos] Set custom topology key for podAntiAffinityPreset (#13581) ([3c43c64](https://github.com/bitnami/charts/commit/3c43c64fa6a9f244a359345c17c5dcb1783b86e0)), closes [#13581](https://github.com/bitnami/charts/issues/13581) + +## 11.6.2 (2022-11-22) + +* fix: Removed an extra curly brace, added a missing one (#13604) ([e875618](https://github.com/bitnami/charts/commit/e875618760148927c7e16c69a4295dc87d7a6ec3)), closes [#13604](https://github.com/bitnami/charts/issues/13604) + +## 11.6.1 (2022-11-17) + +* [bitnami/thanos] fix apiversion hardcode for statefulset (#13542) ([42eae9e](https://github.com/bitnami/charts/commit/42eae9e87b0d9812172bbc6f61f527eee8b6798a)), closes [#13542](https://github.com/bitnami/charts/issues/13542) + +## 11.6.0 (2022-11-16) + +* [bitnami/thanos] Add prometheus alerts rules (#12873) ([1fbb541](https://github.com/bitnami/charts/commit/1fbb5412388f4bc054f95b16386436624c0188f1)), closes [#12873](https://github.com/bitnami/charts/issues/12873) + +## 11.5.10 (2022-11-14) + +* [bitnami/thanos] Fix issue with serviceAccount.create (#13502) ([1d57316](https://github.com/bitnami/charts/commit/1d57316951b43d9ea8312855c7061a6a535f601a)), closes [#13502](https://github.com/bitnami/charts/issues/13502) + +## 11.5.9 (2022-11-10) + +* [bitnami/thanos] Fix documentation for ruler.alertmanagersConfig and ruler.alertmanagers (#13359) ([5fb0f61](https://github.com/bitnami/charts/commit/5fb0f61f186e05a22ec01438479f753ad9db932f)), closes [#13359](https://github.com/bitnami/charts/issues/13359) + +## 11.5.8 (2022-11-08) + +* [bitnami/thanos] Fix serviceAccount name logic for Thanos (#13406) ([2d6cc8f](https://github.com/bitnami/charts/commit/2d6cc8fc2a72455670cef0489c68b3851a426425)), closes [#13406](https://github.com/bitnami/charts/issues/13406) + +## 11.5.7 (2022-11-03) + +* [bitnami/thanos] Modified serviceAccount name logic for Thanos (#13312) ([7915506](https://github.com/bitnami/charts/commit/79155065005032de3fc00a229496df0edf39e13f)), closes [#13312](https://github.com/bitnami/charts/issues/13312) + +## 11.5.6 (2022-10-31) + +* [bitnami/*] Use new default branch name in links (#12943) ([a529e02](https://github.com/bitnami/charts/commit/a529e02597d49d944eba1eb0f190713293247176)), closes [#12943](https://github.com/bitnami/charts/issues/12943) +* Remove subPath from servicediscovery.yml (#12940) ([21e3cfd](https://github.com/bitnami/charts/commit/21e3cfd8c11fa837e8b7e0a03b7144d4c727758e)), closes [#12940](https://github.com/bitnami/charts/issues/12940) + +## 11.5.5 (2022-10-07) + +* [bitnami/thanos] Release 11.5.5 (#12848) ([8ef44e1](https://github.com/bitnami/charts/commit/8ef44e189c6a143153e28f4ad8510b96a41b62a9)), closes [#12848](https://github.com/bitnami/charts/issues/12848) +* Generic README instructions related to the repo (#12792) ([3cf6b10](https://github.com/bitnami/charts/commit/3cf6b10e10e60df4b3e191d6b99aa99a9f597755)), closes [#12792](https://github.com/bitnami/charts/issues/12792) + +## 11.5.4 (2022-10-03) + +* [bitnami/thanos] Upgrade dependencies (#12755) ([4fc83d6](https://github.com/bitnami/charts/commit/4fc83d67a522955bf41068309f6557e0398e3de0)), closes [#12755](https://github.com/bitnami/charts/issues/12755) + +## 11.5.3 (2022-09-29) + +* [bitnami/thanos] Release 11.5.3 updating components versions ([c21634b](https://github.com/bitnami/charts/commit/c21634b6e7d0941f126471acbd7bb950c81b2dc4)) + +## 11.5.2 (2022-09-28) + +* [bitnami/thanos] Fix http config encoding (#12715) ([dbaa4a8](https://github.com/bitnami/charts/commit/dbaa4a8deefcbe8ebc6477ada87534a9e31b9056)), closes [#12715](https://github.com/bitnami/charts/issues/12715) + +## 11.5.1 (2022-09-19) + +* [bitnami/thanos] Use custom probes if given (#12563) ([09dacb3](https://github.com/bitnami/charts/commit/09dacb37dcf04eb329aad60a409c10a0a3401ab0)), closes [#12563](https://github.com/bitnami/charts/issues/12563) [#12354](https://github.com/bitnami/charts/issues/12354) + +## 11.5.0 (2022-09-14) + +* [bitnami/thanos] Add support for HTTPS and basic auth experimental settings (#12404) ([422981c](https://github.com/bitnami/charts/commit/422981caae99d7fcfc2bd1450f8fb5af40109e2f)), closes [#12404](https://github.com/bitnami/charts/issues/12404) + +## 11.4.1 (2022-09-14) + +* [bitnami/thanos] Fix receive-distributor nodeAffinityPreset (#12355) ([9e45e5d](https://github.com/bitnami/charts/commit/9e45e5d1cd37f99f847401ad95ee5c07cbd145c6)), closes [#12355](https://github.com/bitnami/charts/issues/12355) + +## 11.4.0 (2022-09-02) + +* [bitnami/thanos] Allowed to add labels to query-frontend service and storegateway PVC (#11549) ([2da04d4](https://github.com/bitnami/charts/commit/2da04d4aafd9b92d4b2600923193f8a35b799d27)), closes [#11549](https://github.com/bitnami/charts/issues/11549) + +## 11.3.1 (2022-08-30) + +* [bitnami/thanos] Release 11.3.1 updating components versions ([9869e75](https://github.com/bitnami/charts/commit/9869e75c273655f460e979b9223e822bd93e5fbe)) + +## 11.3.0 (2022-08-29) + +* [bitnami/thanos] feat: create sharded hpa and pdb for storegateway (#11426) ([cea7c08](https://github.com/bitnami/charts/commit/cea7c08fb195b6a28a61da83224a597e8dca4a90)), closes [#11426](https://github.com/bitnami/charts/issues/11426) + +## 11.2.2 (2022-08-23) + +* [bitnami/thanos] Update Chart.lock (#12108) ([c6b9ba3](https://github.com/bitnami/charts/commit/c6b9ba3c9c117b9f790e922ec27b7f996a63555a)), closes [#12108](https://github.com/bitnami/charts/issues/12108) +* Fix thanos compactor ingressclassname conditional (#11976) ([2881800](https://github.com/bitnami/charts/commit/28818003526bfb0b7e881359438ecf1dccc5694f)), closes [#11976](https://github.com/bitnami/charts/issues/11976) + +## 11.2.1 (2022-08-22) + +* [bitnami/thanos] Update Chart.lock (#11979) ([aa39c57](https://github.com/bitnami/charts/commit/aa39c57cb1360604c3193fc0bbab604c6ccdbd70)), closes [#11979](https://github.com/bitnami/charts/issues/11979) + +## 11.2.0 (2022-08-22) + +* [bitnami/thanos] - Fix typo in k8s annotation (#11553) ([63a17fc](https://github.com/bitnami/charts/commit/63a17fc830cd104e0d43f5d4cff0ee842f5bb877)), closes [#11553](https://github.com/bitnami/charts/issues/11553) +* [bitnami/thanos] Add support for image digest apart from tag (#11955) ([7cd4152](https://github.com/bitnami/charts/commit/7cd415250be58a485717f950cc0a75c153ebe7ef)), closes [#11955](https://github.com/bitnami/charts/issues/11955) + +## 11.1.4 (2022-08-04) + +* [bitnami/thanos] Release 11.1.4 updating components versions ([1765142](https://github.com/bitnami/charts/commit/17651420133dde452b668d7d45431f5fb6f2028a)) + +## 11.1.3 (2022-07-27) + +* [bitnami/*] Update URLs to point to the new bitnami/containers monorepo (#11352) ([d665af0](https://github.com/bitnami/charts/commit/d665af0c708846192d8d5fb2f5f9ea65dd464ab0)), closes [#11352](https://github.com/bitnami/charts/issues/11352) +* [bitnami/thanos] Conditionally Set objstore arg and OBJSTORE_CONFIG for Thanos receive (#11274) ([fe373e8](https://github.com/bitnami/charts/commit/fe373e8f44d23d5ffcafc0c3899939890a901d5d)), closes [#11274](https://github.com/bitnami/charts/issues/11274) + +## 11.1.2 (2022-07-18) + +* [bitnami/thanos] Release 11.1.2 updating components versions ([a49e568](https://github.com/bitnami/charts/commit/a49e56897c178ad4230f139fad2c21572cfb8934)) + +## 11.1.1 (2022-07-15) + +* replaced --store= with --endpoint (#11178) ([632a11d](https://github.com/bitnami/charts/commit/632a11de283841c1387eee2c979187947ad82c2a)), closes [#11178](https://github.com/bitnami/charts/issues/11178) + +## 11.1.0 (2022-07-12) + +* [bitnami/thanos] feat: update default prometheusrule value (#10979) ([3d81b51](https://github.com/bitnami/charts/commit/3d81b5111dee21d81e817fbf7ca2809c95a042ec)), closes [#10979](https://github.com/bitnami/charts/issues/10979) + +## 11.0.0 (2022-07-12) + +* [bitnami/thanos]: Allow receiver to run without object store config (#11030) ([24fab8a](https://github.com/bitnami/charts/commit/24fab8ab5a9055b44fc9c157288f8bb40c97a4a7)), closes [#11030](https://github.com/bitnami/charts/issues/11030) +* [bitnami/thanos] Creates separate service for grpc port of query module (#11051) ([dab4304](https://github.com/bitnami/charts/commit/dab43043381903de24308c701dc6248d1e66ad79)), closes [#11051](https://github.com/bitnami/charts/issues/11051) + +## 10.5.5 (2022-07-06) + +* [bitnami/thanos] Release 10.5.5 updating components versions ([d4ef1ea](https://github.com/bitnami/charts/commit/d4ef1ead76bfa212a9d45ec31e7ef49fa4b98e88)) + +## 10.5.4 (2022-06-29) + +* [bitnami/thanos] Release 10.5.4 updating components versions ([6933c57](https://github.com/bitnami/charts/commit/6933c5781727171b6f82189a409ca6b7c172326f)) + +## 10.5.3 (2022-06-20) + +* [bitnami/thanos] Fix customStartupProbe for thanos receive statefulset (#10780) ([2e87be1](https://github.com/bitnami/charts/commit/2e87be1616ed85702c485ebd380e0adf182916f4)), closes [#10780](https://github.com/bitnami/charts/issues/10780) + +## 10.5.2 (2022-06-09) + +* [bitnami/*] Replace Kubeapps URL in READMEs (and kubeapps Chart.yaml) and remove BKPR references (#1 ([c6a7914](https://github.com/bitnami/charts/commit/c6a7914361e5aea6016fb45bf4d621edfd111d32)), closes [#10600](https://github.com/bitnami/charts/issues/10600) +* [bitnami/thanos] Release 10.5.2 updating components versions ([f47996b](https://github.com/bitnami/charts/commit/f47996b7385c08698cf89c636e616addbf676add)) + +## 10.5.1 (2022-06-01) + +* [bitnami/several] Replace maintainers email by url (#10523) ([ff3cf61](https://github.com/bitnami/charts/commit/ff3cf617a1680509b0f3855d17c4ccff7b29a0ff)), closes [#10523](https://github.com/bitnami/charts/issues/10523) + +## 10.5.0 (2022-05-27) + +* [bitnami/thanos] Implement ServiceAccount.create and ServiceAccount.name with BWC (#10447) ([18f9389](https://github.com/bitnami/charts/commit/18f9389f3a6c96319597d0b77dad351a349b246f)), closes [#10447](https://github.com/bitnami/charts/issues/10447) + +## 10.4.3 (2022-05-26) + +* [bitnami/thanos] Release 10.4.3 updating components versions ([295288d](https://github.com/bitnami/charts/commit/295288dc63db2ae18ea51aa8f8c8cb4e07a594a8)) + +## 10.4.2 (2022-05-20) + +* [bitnami/*] Fix HPA API version template usage (#10332) ([85ce7af](https://github.com/bitnami/charts/commit/85ce7af79a6a44d8b90e4907064ca77efe7c8288)), closes [#10332](https://github.com/bitnami/charts/issues/10332) + +## 10.4.1 (2022-05-19) + +* [bitnami/thanos] Release 10.4.1 updating components versions ([c5c5446](https://github.com/bitnami/charts/commit/c5c5446a7b576982b8f64715ca5a49913a53feb8)) + +## 10.4.0 (2022-05-16) + +* [bitnami/*] add ingress extraRules feature (#10253) ([0f6cbb9](https://github.com/bitnami/charts/commit/0f6cbb9099b0e56685cc1d36ba50340f3d7278a1)), closes [#10253](https://github.com/bitnami/charts/issues/10253) + +## 10.3.10 (2022-05-13) + +* [bitnami/thanos] Use the new helper for HPA API version (#10214) ([e4b6ee8](https://github.com/bitnami/charts/commit/e4b6ee86e0799394f3a84d8f718a487338a94ab9)), closes [#10214](https://github.com/bitnami/charts/issues/10214) + +## 10.3.9 (2022-05-13) + +* [bitnami/*] Remove old 'ci' files (#10171) ([5df30c4](https://github.com/bitnami/charts/commit/5df30c44dbd1812da8786579ce4a94917d46a6ad)), closes [#10171](https://github.com/bitnami/charts/issues/10171) +* [bitnami/*] Unify k8s directives separators (#10185) ([2650214](https://github.com/bitnami/charts/commit/26502141d146ca3bdfb3bf744fcdec8ca5cece44)), closes [#10185](https://github.com/bitnami/charts/issues/10185) +* [bitnami/thanos] Add missing namespace metadata (#10160) ([6c40169](https://github.com/bitnami/charts/commit/6c40169ffa706bcc414784818eed99beb425a7f3)), closes [#10160](https://github.com/bitnami/charts/issues/10160) + +## 10.3.8 (2022-05-11) + +* [bitnami/*] Fix typo in comments (relay -> rely) (#10151) ([9cfe4a4](https://github.com/bitnami/charts/commit/9cfe4a48cc35851faea6be7ffb2a978d223befa0)), closes [#10151](https://github.com/bitnami/charts/issues/10151) + +## 10.3.7 (2022-05-05) + +* [bitnami/thanos] Release 10.3.7 updating components versions ([e29e9a5](https://github.com/bitnami/charts/commit/e29e9a5cc18e8929671fcfcf96149e9d722432f6)) + +## 10.3.6 (2022-04-21) + +* [bitnami/thanos] Release 10.3.6 updating components versions ([d13c99b](https://github.com/bitnami/charts/commit/d13c99bd54d06a1a0d4fdb425fd2c3d300ecbe3d)) + +## 10.3.5 (2022-04-20) + +* [bitnami/thanos] set properly scope for include func in ingress (#9824) ([d268423](https://github.com/bitnami/charts/commit/d268423804d9a97566b99ba02ecee4f9a870a398)), closes [#9824](https://github.com/bitnami/charts/issues/9824) + +## 10.3.4 (2022-04-13) + +* fix(thanos-storegateway): error in accessed value (#9762) ([1e7c762](https://github.com/bitnami/charts/commit/1e7c762661188f3a56cd4d5a34a5577a5c50147a)), closes [#9762](https://github.com/bitnami/charts/issues/9762) + +## 10.3.3 (2022-04-08) + +* [bitnami/thanos] Use correct helpers for ingress-grpc.yaml (#9715) ([916552b](https://github.com/bitnami/charts/commit/916552b22690c6fd9b0a3224812be625a8e47523)), closes [#9715](https://github.com/bitnami/charts/issues/9715) + +## 10.3.2 (2022-04-06) + +* [bitnami/thanos] Release 10.3.2 updating components versions ([0ecc1af](https://github.com/bitnami/charts/commit/0ecc1aff7f5ac40e06e8b469110e19927a614b45)) + +## 10.3.1 (2022-03-29) + +* [bitnami/thanos] Release 10.3.1 updating components versions ([f5bc313](https://github.com/bitnami/charts/commit/f5bc3138f366adf774b30a9bf26a0252df21e4d0)) + +## 10.3.0 (2022-03-29) + +* [bitnami/thanos] added Parameter for automountServiceAccountToken on every Deployment or Statefulset ([ebc73d5](https://github.com/bitnami/charts/commit/ebc73d5903e68e731ae3a3a651ccd9bc8cec8a1f)), closes [#9590](https://github.com/bitnami/charts/issues/9590) + +## 10.2.3 (2022-03-24) + +* [bitnami/thanos] Release 10.2.3 updating components versions ([6e4d898](https://github.com/bitnami/charts/commit/6e4d89871bf39fa408201a52668b71f9adbd65c2)) + +## 10.2.2 (2022-03-21) + +* [bitnami/thanos] - updated version and fixed typo servername to serverName in deployment.yml (#9485) ([30c773f](https://github.com/bitnami/charts/commit/30c773fef3a4948be87c7d7758cc055300b36cca)), closes [#9485](https://github.com/bitnami/charts/issues/9485) + +## 10.2.1 (2022-03-18) + +* [bitnami/thanos] Release 10.2.1 updating components versions ([2e4ab71](https://github.com/bitnami/charts/commit/2e4ab71320c30f91fd57d264893407f16ce6d96b)) + +## 10.2.0 (2022-03-18) + +* [bitnami/thanos] add replication-factor to receive-distributor and set replication-factor based on ([7e3b2d2](https://github.com/bitnami/charts/commit/7e3b2d2fdcd740a31fa3a1adffadf28eac03ee7c)), closes [#9447](https://github.com/bitnami/charts/issues/9447) + +## 10.1.1 (2022-03-10) + +* [bitnami/thanos] Release 10.1.1 updating components versions ([b1d6f97](https://github.com/bitnami/charts/commit/b1d6f97af442f721ff3e2356cc52ce870197c7f4)) + +## 10.1.0 (2022-03-10) + +* [bitnami/*] Fix non utf8 characters (#9347) ([0cec8a8](https://github.com/bitnami/charts/commit/0cec8a8d30b8f1ca85febe9acc342522d5b18850)), closes [#9347](https://github.com/bitnami/charts/issues/9347) +* Read only root file system thanos (#9358) ([4a34d72](https://github.com/bitnami/charts/commit/4a34d724cee2144046fa7f770c3866f49984b956)), closes [#9358](https://github.com/bitnami/charts/issues/9358) + +## 10.0.0 (2022-03-07) + +* [bitnami/thanos] Remove compatibility with MINIO_ACCESS_KEY and MINIO_SECRET_KEY (#9322) ([89cb308](https://github.com/bitnami/charts/commit/89cb3086a4711176d3dc93d25910e8bf6906548c)), closes [#9322](https://github.com/bitnami/charts/issues/9322) + +## 9.0.13 (2022-03-04) + +* [bitnami/several] Reorder subcharts (#9299) ([a041f6b](https://github.com/bitnami/charts/commit/a041f6b0ff2dea82b3d030cb99454cede94dbc9a)), closes [#9299](https://github.com/bitnami/charts/issues/9299) + +## 9.0.12 (2022-03-03) + +* [bitnami/thanos] Release 9.0.12 updating components versions ([4961e12](https://github.com/bitnami/charts/commit/4961e12e11d29353595e908919f383d75b756714)) + +## 9.0.11 (2022-03-02) + +* [bitnami/thanos] Fix: remove `replicas` setting if autoscaling is enabled. (#9254) ([7e76326](https://github.com/bitnami/charts/commit/7e76326bfd9200e45ef7dd978cb162c8501e9776)), closes [#9254](https://github.com/bitnami/charts/issues/9254) + +## 9.0.10 (2022-03-02) + +* [bitnami/thanos] Fix: use name passed to receive.existingConfigmap if set (#9253) ([7946e12](https://github.com/bitnami/charts/commit/7946e128b16b9cc8e81ea51c31a6b0cfe3f2c3f8)), closes [#9253](https://github.com/bitnami/charts/issues/9253) + +## 9.0.9 (2022-03-01) + +* [bitnami/thanos] Remove Replica Count if HPA is Enabled (#9235) ([0fc3c2f](https://github.com/bitnami/charts/commit/0fc3c2f3d3585944b9c597ddd340d5c25135406e)), closes [#9235](https://github.com/bitnami/charts/issues/9235) + +## 9.0.8 (2022-02-25) + +* [bitnami/thanos] Added minio reference link in values.yaml (#9196) ([d97f4eb](https://github.com/bitnami/charts/commit/d97f4ebb4db8bc046e6373d1a72a0cad28743124)), closes [#9196](https://github.com/bitnami/charts/issues/9196) + +## 9.0.7 (2022-02-25) + +* [bitnami/thanos] Properly name HPA for receive-distributor (#9184) ([101b585](https://github.com/bitnami/charts/commit/101b585819475e3da48d669f9a6a4dfd1b31b5d6)), closes [#9184](https://github.com/bitnami/charts/issues/9184) + +## 9.0.6 (2022-02-24) + +* [bitnami/Thanos] Add volumePermission initContainer for receive statefulset (#9172) ([f569b71](https://github.com/bitnami/charts/commit/f569b71c6301a981235d23683cb60a5ef41acf9c)), closes [#9172](https://github.com/bitnami/charts/issues/9172) + +## 9.0.5 (2022-02-21) + +* [bitnami/thanos] Do not hardcode PDB apiVersion (#9118) ([dbc4086](https://github.com/bitnami/charts/commit/dbc40869b6c1bcdc496978bf987f0d837d9c944b)), closes [#9118](https://github.com/bitnami/charts/issues/9118) + +## 9.0.4 (2022-02-09) + +* [bitnami/thanos] Release 9.0.4 updating components versions ([415688c](https://github.com/bitnami/charts/commit/415688c408d7b971454efd9fcb798cb97e17d16a)) +* Non utf8 chars (#8923) ([6ffd18f](https://github.com/bitnami/charts/commit/6ffd18fbbdf10e94ea1a90cf5b84ef610ac2a72d)), closes [#8923](https://github.com/bitnami/charts/issues/8923) + +## 9.0.3 (2022-02-02) + +* [bitnami/*] Make use of new "common.ingress.certManagerRequest" helper (#8862) ([12e4c37](https://github.com/bitnami/charts/commit/12e4c3733eaeaa9a5579fdf917fa098a0f2aae23)), closes [#8862](https://github.com/bitnami/charts/issues/8862) + +## 9.0.2 (2022-01-28) + +* [bitnami/thanos] fix receive-distributor pdb selector (#8810) ([6389b56](https://github.com/bitnami/charts/commit/6389b56d5b24c697a4288eebb8c569cd8d7a3481)), closes [#8810](https://github.com/bitnami/charts/issues/8810) + +## 9.0.1 (2022-01-20) + +* [bitnami/*] Update READMEs (#8716) ([b9a9533](https://github.com/bitnami/charts/commit/b9a953337590eb2979453385874a267bacf50936)), closes [#8716](https://github.com/bitnami/charts/issues/8716) +* [bitnami/several] Change prerequisites (#8725) ([8d740c5](https://github.com/bitnami/charts/commit/8d740c566cfdb7e2d933c40128b4e919fce953a5)), closes [#8725](https://github.com/bitnami/charts/issues/8725) + +## 9.0.0 (2022-01-17) + +* [bitnami/*] Readme automation (#8579) ([78d1938](https://github.com/bitnami/charts/commit/78d193831c900d178198491ffd08fa2217a64ecd)), closes [#8579](https://github.com/bitnami/charts/issues/8579) +* [bitnami/thanos] Update MinIO subchart to newest major version (#8686) ([fdbefbf](https://github.com/bitnami/charts/commit/fdbefbfd140f183a2d7ecd6846a1db1159a5fabc)), closes [#8686](https://github.com/bitnami/charts/issues/8686) + +## 8.3.0 (2022-01-05) + +* [bitnami/several] Adapt templating format (#8562) ([8cad18a](https://github.com/bitnami/charts/commit/8cad18aed9966a6f0208e5ad6cee46cb217f47ab)), closes [#8562](https://github.com/bitnami/charts/issues/8562) +* [bitnami/several] Add license to the README ([05f7633](https://github.com/bitnami/charts/commit/05f763372501d596e57db713dd53ff4ff3027cc4)) +* [bitnami/several] Add license to the README ([32fb238](https://github.com/bitnami/charts/commit/32fb238e60a0affc6debd3142eaa3c3d9089ec2a)) +* [bitnami/several] Add license to the README ([b87c2f7](https://github.com/bitnami/charts/commit/b87c2f7899d48a8b02c506765e6ae82937e9ba3f)) +* bitnami/thanos chart: readme typo (#8558) ([e8aa5f8](https://github.com/bitnami/charts/commit/e8aa5f8141ddc9f3e2d441b4edc152ef86b01bea)), closes [#8558](https://github.com/bitnami/charts/issues/8558) + +## 8.2.5 (2021-12-22) + +* [bitnami/thanos] Release 8.2.5 updating components versions ([c88784b](https://github.com/bitnami/charts/commit/c88784b1b517ba8bbfda4d2d7a1ed6d30ee4a528)) + +## 8.2.4 (2021-12-22) + +* [bitnami/thanos] Release 8.2.4 updating components versions ([99ff271](https://github.com/bitnami/charts/commit/99ff271595cec898df2abbd38c6f428bdd430782)) + +## 8.2.3 (2021-12-17) + +* [bitnami/thanos] fix auto Generated certificate (#8405) ([8d4a546](https://github.com/bitnami/charts/commit/8d4a546197856c9cb4b56f1d442ff35c5fc8c372)), closes [#8405](https://github.com/bitnami/charts/issues/8405) + +## 8.2.2 (2021-12-14) + +* [bitnami/thanos] fix remote port in thanos-receive ingress (#8313) ([b8a5eb4](https://github.com/bitnami/charts/commit/b8a5eb44a1b6abaa4440d5dc5dc0e923358c028e)), closes [#8313](https://github.com/bitnami/charts/issues/8313) +* [bitnami/thanos] Release 8.2.2 updating components versions ([5d991d3](https://github.com/bitnami/charts/commit/5d991d3cd14c82df0886f4e2f733b604378c2af3)) + +## 8.2.1 (2021-12-09) + +* [Thanos] Fix grpc.server.tls.autoGenerated doesn't work (#8323) ([42b51c5](https://github.com/bitnami/charts/commit/42b51c5b328fb7d54b69c798588e071d7bf100de)), closes [#8323](https://github.com/bitnami/charts/issues/8323) + +## 8.2.0 (2021-12-07) + +* [bitnami/thanos] Add networkpolicy support (#8283) ([d027f36](https://github.com/bitnami/charts/commit/d027f365aa4521dc4d97b954db7e7b2971fc690d)), closes [#8283](https://github.com/bitnami/charts/issues/8283) +* Update Thanos Readme for minio configuration. (#8249) ([6eb0d3c](https://github.com/bitnami/charts/commit/6eb0d3c207d2b61c0fc6929a6b24f3d6cddf961f)), closes [#8249](https://github.com/bitnami/charts/issues/8249) + +## 8.1.2 (2021-11-29) + +* [bitnami/several] Replace HTTP by HTTPS when possible (#8259) ([eafb5bd](https://github.com/bitnami/charts/commit/eafb5bd5a2cc3aaf04fc1e8ebedd73f420d76864)), closes [#8259](https://github.com/bitnami/charts/issues/8259) + +## 8.1.1 (2021-11-26) + +* [bitnami/thanos] Fix thanos query grpc nodeport (#8250) ([05c57f7](https://github.com/bitnami/charts/commit/05c57f7ea39a0336cdc97e2e7b0803cbc9ad5d85)), closes [#8250](https://github.com/bitnami/charts/issues/8250) + +## 8.1.0 (2021-11-23) + +* [bitnami/thanos] Add StoreGateway GRPC ingress (#8209) ([d35b691](https://github.com/bitnami/charts/commit/d35b691cc9f3d80c9867c222477d7b57387df767)), closes [#8209](https://github.com/bitnami/charts/issues/8209) + +## 8.0.3 (2021-11-15) + +* [bitnami/thanos] fix port recive-distributor (#8099) ([17fd9b9](https://github.com/bitnami/charts/commit/17fd9b9819a1091ff83b9b466976a664f13b932b)), closes [#8099](https://github.com/bitnami/charts/issues/8099) + +## 8.0.2 (2021-11-12) + +* [thanos] fix non-autogenerated secrets type (#8105) ([f104c5d](https://github.com/bitnami/charts/commit/f104c5de2438cc59596d6f236fabe120760061b8)), closes [#8105](https://github.com/bitnami/charts/issues/8105) + +## 8.0.1 (2021-11-11) + +* [bitnami/several] Regenerate README tables ([ef52074](https://github.com/bitnami/charts/commit/ef52074d5f3dd00218322cd201f83ee55f9dd1e6)) +* [bitnami/thanos] Fix Receiver Distributor (#8089) ([7f36a0c](https://github.com/bitnami/charts/commit/7f36a0c274817c69377f7c22bcfa68536ed41d2d)), closes [#8089](https://github.com/bitnami/charts/issues/8089) + +## 8.0.0 (2021-11-05) + +* [bitnami/thanos] Chart standarized (#8023) ([5619131](https://github.com/bitnami/charts/commit/56191311cb69f73980e5eb6b6535e44f041902c5)), closes [#8023](https://github.com/bitnami/charts/issues/8023) + +## 7.1.0 (2021-11-05) + +* [bitnami/thanos] Add additionalHeadless service to the querier component. (#7927) ([89d9d7d](https://github.com/bitnami/charts/commit/89d9d7df53e89f8657c907a13b9c4fdb144f9512)), closes [#7927](https://github.com/bitnami/charts/issues/7927) + +## 7.0.5 (2021-11-02) + +* [bitnami/thanos] Fix strategy configuration for Thanos Recieve (#7956) ([47abc23](https://github.com/bitnami/charts/commit/47abc236199c4089306418877e7ba4711fa89999)), closes [#7956](https://github.com/bitnami/charts/issues/7956) + +## 7.0.4 (2021-10-29) + +* corrects Thanos Query GRPC ingress service port for extraHosts (#7974) ([43beb15](https://github.com/bitnami/charts/commit/43beb15821c0e4b71c34a4bf9b26db5599acd395)), closes [#7974](https://github.com/bitnami/charts/issues/7974) + +## 7.0.3 (2021-10-29) + +* [bitnami/*] Mark PodSecurityPolicy resources as deprecated (#7951) ([035d926](https://github.com/bitnami/charts/commit/035d926d45526472dbf703ea285ebf491c442c8e)), closes [#7951](https://github.com/bitnami/charts/issues/7951) +* [bitnami/thanos] Fix Thanos Query GRPC Ingress service port (#7968) ([7db5ad3](https://github.com/bitnami/charts/commit/7db5ad39ef49259605b004e57b7d1bf31c92744b)), closes [#7968](https://github.com/bitnami/charts/issues/7968) + +## 7.0.2 (2021-10-28) + +* [bitnami/thanos] Replace nodePorts.grpc/http to http/grpc.nodePorts in the servce sharded (#7940) ([1324736](https://github.com/bitnami/charts/commit/13247368416687c35459ad90740fc0a5c152e6fa)), closes [#7940](https://github.com/bitnami/charts/issues/7940) + +## 7.0.1 (2021-10-22) + +* [bitnami/several] Add chart info to NOTES.txt (#7889) ([a6751cd](https://github.com/bitnami/charts/commit/a6751cdd33c461fabbc459fbea6f219ec64ab6b2)), closes [#7889](https://github.com/bitnami/charts/issues/7889) +* [bitnami/several] Regenerate README tables ([fbb0358](https://github.com/bitnami/charts/commit/fbb0358f0d99d2ea30fa27cd14af89ca1217dc4b)) + +## 7.0.0 (2021-10-21) + +* [bitnami/thanos] New major version (#7875) ([91120ea](https://github.com/bitnami/charts/commit/91120ea463e0d7212b737f29458804accb0fe1b4)), closes [#7875](https://github.com/bitnami/charts/issues/7875) + +## 6.0.14 (2021-10-19) + +* [bitnami/several] Change pullPolicy for bitnami-shell image (#7852) ([9711a33](https://github.com/bitnami/charts/commit/9711a33c6eec72ea79143c4b7574dbe6a148d6b2)), closes [#7852](https://github.com/bitnami/charts/issues/7852) +* [bitnami/several] Regenerate README tables ([d8e471f](https://github.com/bitnami/charts/commit/d8e471fea607ff755d06b8c7dffb98008ea34a53)) + +## 6.0.13 (2021-10-14) + +* [bitnami/several] Regenerate README tables ([a678bc7](https://github.com/bitnami/charts/commit/a678bc7ba8f35e8e9735b23d136aeeff7c4db1d2)) +* Fixed broken links in Airflow and Thanos READMEs (#7804) ([87ba524](https://github.com/bitnami/charts/commit/87ba524f7b085adc8b31bdf4432ddf3f493bee06)), closes [#7804](https://github.com/bitnami/charts/issues/7804) + +## 6.0.12 (2021-10-06) + +* [bitnami/several] Regenerate README tables ([cdcf8c1](https://github.com/bitnami/charts/commit/cdcf8c1407a9a23b93fadf513be21ca1f9c7c056)) +* [bitnami/thanos] Release 6.0.12 updating components versions ([995bb31](https://github.com/bitnami/charts/commit/995bb317f030ded3efc2efa8295ea12053f0b2a6)) + +## 6.0.11 (2021-10-05) + +* [bitnami/several] Regenerate README tables ([c3367d9](https://github.com/bitnami/charts/commit/c3367d910710aece8db3ece72554597fce871ae1)) +* bitnami/thanos: Switch deployment strategy to 'Recreate' (#7402) ([bfe34d4](https://github.com/bitnami/charts/commit/bfe34d4502a820901645fbcf70f1ae888d349fa0)), closes [#7402](https://github.com/bitnami/charts/issues/7402) + +## 6.0.10 (2021-10-01) + +* [bitnami/*] Drop support for deprecated cert-manager annotation (#7646) ([4297b79](https://github.com/bitnami/charts/commit/4297b792e48fba9c7c3b8fed447a856632c61201)), closes [#7646](https://github.com/bitnami/charts/issues/7646) + +## 6.0.4 (2021-09-30) + +* [bitnami/several] Regenerate README tables ([5a24d1f](https://github.com/bitnami/charts/commit/5a24d1fc9508abfef7fc8a85d0ac64f5d2f7926a)) +* [bitnami/thanos] compactor and storegateway svc ref in ingress with common name (#7548) ([2afda16](https://github.com/bitnami/charts/commit/2afda168725556251dc543ed81cee8b66b331d44)), closes [#7548](https://github.com/bitnami/charts/issues/7548) + +## 6.0.3 (2021-09-27) + +* [bitnami/*] Generate READMEs with new generator version (#7614) ([e5ab2e6](https://github.com/bitnami/charts/commit/e5ab2e6ecdd6bce800863f154cda524ff9f6c117)), closes [#7614](https://github.com/bitnami/charts/issues/7614) +* [bitnami/several] Regenerate README tables ([79eac44](https://github.com/bitnami/charts/commit/79eac4490bf5d0abe582920d9662a892c9666870)) +* [bitnami/thanos] Release 6.0.3 updating components versions ([8fefd0d](https://github.com/bitnami/charts/commit/8fefd0dc8206e0ee66140230e47506158776b04e)) + +## 6.0.2 (2021-09-22) + +* [bitnami/several] Regenerate README tables ([003a0fb](https://github.com/bitnami/charts/commit/003a0fbaedeb775c546b8d8452b7a5ab0a63af52)) +* T41189 Fixed broken links in Thanos README (#7542) ([2d94f8c](https://github.com/bitnami/charts/commit/2d94f8ce91bc381affb40c4acb572a9380f21653)), closes [#7542](https://github.com/bitnami/charts/issues/7542) + +## 6.0.1 (2021-09-16) + +* [bitnami/thanos] Release 6.0.1 updating components versions ([a19ddba](https://github.com/bitnami/charts/commit/a19ddbae5a57db4798664b3ed9db88613b7bf411)) + +## 6.0.0 (2021-09-13) + +* [bitnami/several] Regenerate README tables ([a94b593](https://github.com/bitnami/charts/commit/a94b5937a8665743457afc158202ebc33405c8e1)) +* [bitnami/thanos] Fix incorrect ingress name (#7442) ([2f783cb](https://github.com/bitnami/charts/commit/2f783cb15faf07479a9f3c839a34f330b4cceb21)), closes [#7442](https://github.com/bitnami/charts/issues/7442) +* [bitnami/thanos] Update subcharts (#7469) ([9beab3f](https://github.com/bitnami/charts/commit/9beab3f8a248be6e6edad673c8d0ccdf2a9a037f)), closes [#7469](https://github.com/bitnami/charts/issues/7469) + +## 5.5.1 (2021-09-10) + +* [bitnami/several] Regenerate README tables ([dcb935c](https://github.com/bitnami/charts/commit/dcb935c1bf066b6d8988f3b0dbe85d01aa01b215)) +* [bitnami/thanos] Release 5.5.1 updating components versions ([82c1f72](https://github.com/bitnami/charts/commit/82c1f7244ebb4f9051df84b15bdab97e8f2b5e77)) + +## 5.5.0 (2021-09-09) + +* [bitnami/several] Regenerate README tables ([e0a27b4](https://github.com/bitnami/charts/commit/e0a27b4c05c509da51859373dad032294438af74)) +* [bitnami/thanos] Thanos receiver dualmode (#7148) ([418167c](https://github.com/bitnami/charts/commit/418167c7fa95248f2882c67f35a76ec4c80967c3)), closes [#7148](https://github.com/bitnami/charts/issues/7148) + +## 5.4.0 (2021-09-03) + +* [bitnami/several] Regenerate README tables ([6c9124f](https://github.com/bitnami/charts/commit/6c9124f79491aa65f53a87c1ed598b47ffa8b411)) +* [bitnami/thanos] add ingressClassName (#7374) ([55aa59e](https://github.com/bitnami/charts/commit/55aa59e7a9856175dd32b836ed3d5ee3b115b2e5)), closes [#7374](https://github.com/bitnami/charts/issues/7374) + +## 5.3.2 (2021-08-20) + +* Bitnami/thanos receiver ingress issue (#7265) ([5286377](https://github.com/bitnami/charts/commit/52863779f39e0c79ddc791d6af176e7f18f39fef)), closes [#7265](https://github.com/bitnami/charts/issues/7265) + +## 5.3.1 (2021-08-12) + +* [bitnami/thanos] Update thanos query to read sharded service (#7201) ([4bc6e08](https://github.com/bitnami/charts/commit/4bc6e08620bca4d0159fb5e9d365c4717674e5c4)), closes [#7201](https://github.com/bitnami/charts/issues/7201) + +## 5.3.0 (2021-08-12) + +* [bitnami/several] Regenerate README tables ([6c107e8](https://github.com/bitnami/charts/commit/6c107e835d6caf8db2e8b17dcd48c5971637e013)) +* [bitnami/thanos] Add hash and time base partion for thanos store (#7049) ([404eb51](https://github.com/bitnami/charts/commit/404eb51fc05cc629a9105c6bc1dcd192f2f4edf8)), closes [#7049](https://github.com/bitnami/charts/issues/7049) + +## 5.2.7 (2021-08-04) + +* [bitnami/thanos] Release 5.2.7 updating components versions ([47fc2ee](https://github.com/bitnami/charts/commit/47fc2ee0f15f94e118ecf655fdd2916de6dc3403)) + +## 5.2.6 (2021-08-02) + +* [bitnami/thanos] Fix nil pointer exception when deploying Thanos with bucketweb ingress. (#7107) ([56297ba](https://github.com/bitnami/charts/commit/56297ba38318a928c694415806bfc4db0d0cf614)), closes [#7107](https://github.com/bitnami/charts/issues/7107) + +## 5.2.5 (2021-07-27) + +* [bitnami/several] Bump version and update READMEs (#7069) ([6340bff](https://github.com/bitnami/charts/commit/6340bff66f93c8c797bda3ca0842e4bf770059f1)), closes [#7069](https://github.com/bitnami/charts/issues/7069) + +## 5.2.4 (2021-07-27) + +* Replace strings with ™ in the README files (#7066) ([d298b49](https://github.com/bitnami/charts/commit/d298b4996da33c9580c2594e6dc8ad665dd0ebab)), closes [#7066](https://github.com/bitnami/charts/issues/7066) + +## 5.2.3 (2021-07-22) + +* [bitnami/thanos] Release 5.2.3 updating components versions ([f10d3e0](https://github.com/bitnami/charts/commit/f10d3e054673428a6d27ae292ad6b2004dbb9e85)) + +## 5.2.2 (2021-07-21) + +* [bitnami/*] Replace nil values (#6993) ([2be11a7](https://github.com/bitnami/charts/commit/2be11a70b92a01603c1f079eeaff4b00dc4796d6)), closes [#6993](https://github.com/bitnami/charts/issues/6993) + +## 5.2.1 (2021-07-19) + +* [bitnami/*] Adapt values.yaml of TensorFlow, TestLink and Thanos charts (#6965) ([71a2668](https://github.com/bitnami/charts/commit/71a2668d72cbec381a006dab16622f19e64e1290)), closes [#6965](https://github.com/bitnami/charts/issues/6965) + +## 5.2.0 (2021-07-19) + +* [bitnami/thanos] Add Prometheus alerts for Thanos components (#6776) ([2d481f0](https://github.com/bitnami/charts/commit/2d481f0cdcfddea5ce9752a58409030e7a6b3a0c)), closes [#6776](https://github.com/bitnami/charts/issues/6776) + +## 5.1.1 (2021-07-13) + +* [bitnami/thanos] Release 5.1.1 updating components versions ([74fe8aa](https://github.com/bitnami/charts/commit/74fe8aa1c2aa8c0ad65a94fdbc61a5b967bb7ad8)) + +## 5.1.0 (2021-07-08) + +* [bitnami/thanos] Common labels thanos (#6885) ([2038d81](https://github.com/bitnami/charts/commit/2038d81d438346ba61220f78b15c2742737640ff)), closes [#6885](https://github.com/bitnami/charts/issues/6885) + +## 5.0.0 (2021-06-29) + +* [bitnami/thanos] Added containerSecurityContext and renamed securityContext to podSecurityContext (# ([1160eee](https://github.com/bitnami/charts/commit/1160eeef7313c0be38fee78b15e164b9aa688cd2)), closes [#6673](https://github.com/bitnami/charts/issues/6673) + +## 4.0.0 (2021-06-22) + +* [bitnami/thanos] Update Thanos' MinIO dependency to its latest major (#6732) ([e94fb6f](https://github.com/bitnami/charts/commit/e94fb6f6681c6f1958301623052c88e208fba1b2)), closes [#6732](https://github.com/bitnami/charts/issues/6732) + +## 3.18.2 (2021-06-17) + +* [bitnami/thanos] fix typo on receive component parameter documentation (#6687) ([bae7796](https://github.com/bitnami/charts/commit/bae779624ab1d414f6d6702e80a6af9c0afaac48)), closes [#6687](https://github.com/bitnami/charts/issues/6687) + +## 3.18.1 (2021-06-16) + +* [bitnami/thanos] Add extended alertmanager configuration by flag or file (#6571) ([1b67f55](https://github.com/bitnami/charts/commit/1b67f5596a12e49d37c2d26069bdd806b957937c)), closes [#6571](https://github.com/bitnami/charts/issues/6571) +* [bitnami/thanos] Modify autogenerate support to fix existingSecret (#6670) ([71eebdc](https://github.com/bitnami/charts/commit/71eebdc946c28aa614061ddf83bcc97a8f4dfd84)), closes [#6670](https://github.com/bitnami/charts/issues/6670) + +## 3.18.0 (2021-06-10) + +* [bitnami/thanos] Add support for autogenerated certs (#6613) ([4435d7c](https://github.com/bitnami/charts/commit/4435d7ce8dae6072688011e2456d36d3246c036d)), closes [#6613](https://github.com/bitnami/charts/issues/6613) + +## 3.17.8 (2021-06-04) + +* [bitnami/thanos] Release 3.17.8 updating components versions ([065b110](https://github.com/bitnami/charts/commit/065b110ecb1c4fb48d1cdcd1c8c3ca6aed08c1e0)) + +## 3.17.7 (2021-06-03) + +* [bitnami/thanos] Release 3.17.7 updating components versions ([1292364](https://github.com/bitnami/charts/commit/12923642ab3e0cd942bbc24f0e0143901eda007e)) + +## 3.17.6 (2021-05-31) + +* [bitnami/thanos] fix securityContext for Receive (#6509) ([695d12b](https://github.com/bitnami/charts/commit/695d12b296a0785eb6c4ebc214ccf827384730a2)), closes [#6509](https://github.com/bitnami/charts/issues/6509) + +## 3.17.5 (2021-05-28) + +* [bitnami/thanos] Release 3.17.5 updating components versions ([e9a6e21](https://github.com/bitnami/charts/commit/e9a6e21c3f1337f4879bd94e5f377bcca5e9fc86)) + +## 3.17.4 (2021-05-28) + +* [bitnami/thanos] use multiple rules files (#6469) ([698aedc](https://github.com/bitnami/charts/commit/698aedca141629cecbaa939f759044e5865b7dc0)), closes [#6469](https://github.com/bitnami/charts/issues/6469) + +## 3.17.3 (2021-05-21) + +* [bitnami/thanos] Release 3.17.3 updating components versions ([e20c3e2](https://github.com/bitnami/charts/commit/e20c3e2453d3d9d5c5aff17e69d37bd9d12200f0)) + +## 3.17.2 (2021-05-20) + +* [bitnami/thanos] Release 3.17.2 updating components versions ([8fdcb1b](https://github.com/bitnami/charts/commit/8fdcb1bccbf6cd5351653aa37df1e670748cdf5e)) + +## 3.17.1 (2021-05-17) + +* [bitnami/thanos] Put /api/v1/receive at the first of rules (thanos-receive ingress) (#6382) ([aee8b9a](https://github.com/bitnami/charts/commit/aee8b9ad38f61d20f62842944ed1cd4e595926b4)), closes [#6382](https://github.com/bitnami/charts/issues/6382) + +## 3.17.0 (2021-05-05) + +* [bitnami/thanos] Adding sidecars to services with ingress (#6259) ([3b7579b](https://github.com/bitnami/charts/commit/3b7579b6dd49003ac367949c06f73cf755f578f6)), closes [#6259](https://github.com/bitnami/charts/issues/6259) + +## 3.16.0 (2021-04-21) + +* feat(extraVolumes/Mounts): addition on all compoments (#6169) ([97c8a94](https://github.com/bitnami/charts/commit/97c8a9438276cf85d5d95dc44e08373e5d57a879)), closes [#6169](https://github.com/bitnami/charts/issues/6169) + +## 3.15.1 (2021-04-16) + +* [bitnami/thanos] fixed thanos/receive HPA (#6122) ([3f180c3](https://github.com/bitnami/charts/commit/3f180c392733ac285990d66415c57933b12279d3)), closes [#6122](https://github.com/bitnami/charts/issues/6122) + +## 3.15.0 (2021-04-02) + +* [bitnami/thanos] adding ability to pass env variables to containers (#5971) ([14777a2](https://github.com/bitnami/charts/commit/14777a22d7ff7559e55b80e7a588ac7d5490e58a)), closes [#5971](https://github.com/bitnami/charts/issues/5971) +* Added tls flag for thanos queryFrontend (#5959) ([a38f684](https://github.com/bitnami/charts/commit/a38f68496afc146bcee995e061a47506f6bdcbc3)), closes [#5959](https://github.com/bitnami/charts/issues/5959) + +## 3.14.2 (2021-04-01) + +* [bitnami/thanos] Release 3.14.2 updating components versions ([9d67a58](https://github.com/bitnami/charts/commit/9d67a589c85fa9bb3cc7aac1522758426b4117a5)) + +## 3.14.1 (2021-03-26) + +* [bitnami/thanos] Release 3.14.1 updating components versions ([636a0cf](https://github.com/bitnami/charts/commit/636a0cf00264704768a21802ee2814d97d68210b)) + +## 3.14.0 (2021-03-22) + +* bitnami/thanos - allow setting externalTrafficPolicy for services (#5860) ([a679659](https://github.com/bitnami/charts/commit/a679659b39649e7995b0a58f14cdfc378a50967c)), closes [#5860](https://github.com/bitnami/charts/issues/5860) + +## 3.13.2 (2021-03-17) + +* [bitnami/thanos] Parametrize Thanos Receive retention period (#5821) ([e1eea94](https://github.com/bitnami/charts/commit/e1eea94c30ab99db055bd0ee74cd2819c979f9cd)), closes [#5821](https://github.com/bitnami/charts/issues/5821) + +## 3.13.1 (2021-03-12) + +* [bitnami/thanos] introduce logFormat in Thanos components (#5747) ([5fd202d](https://github.com/bitnami/charts/commit/5fd202d22c8af0546b31f2c11cf89d5e8a5dd408)), closes [#5747](https://github.com/bitnami/charts/issues/5747) + +## 3.13.0 (2021-03-09) + +* [bitnami/thanos] Add ingress to ruler (#5736) ([555fc87](https://github.com/bitnami/charts/commit/555fc879ee0c90e20072a7636ab73b5338d80626)), closes [#5736](https://github.com/bitnami/charts/issues/5736) + +## 3.12.0 (2021-03-08) + +* [bitnami/thanos] Add PodLabels (#5718) ([b0bd9a6](https://github.com/bitnami/charts/commit/b0bd9a6a8e106abf4abc3a70a16179bdfd35fe23)), closes [#5718](https://github.com/bitnami/charts/issues/5718) + +## 3.11.5 (2021-03-04) + +* [bitnami/*] Remove minideb mentions (#5677) ([870bc4d](https://github.com/bitnami/charts/commit/870bc4dba1fc3aa55dd157da6687b25e8d352206)), closes [#5677](https://github.com/bitnami/charts/issues/5677) + +## 3.11.4 (2021-02-24) + +* [bitnami/thanos] Fixing hashrings.json for thanos-receive component. (#5604) ([0db206e](https://github.com/bitnami/charts/commit/0db206ec5043ca86983394143fbc002440ce02c3)), closes [#5604](https://github.com/bitnami/charts/issues/5604) [#5549](https://github.com/bitnami/charts/issues/5549) + +## 3.11.3 (2021-02-22) + +* [bitnami/*] Use common macro to define RBAC apiVersion (#5585) ([71fb99f](https://github.com/bitnami/charts/commit/71fb99f541e971b1daafaa20ffb7d18b153b8d60)), closes [#5585](https://github.com/bitnami/charts/issues/5585) + +## 3.11.2 (2021-02-19) + +* [bitnami/thanos] Fixing weird behavior when helm library is used from flux and terraform (#5557) ([d56f21f](https://github.com/bitnami/charts/commit/d56f21f76b22822a025f07426fd06b1dc7cbb35a)), closes [#5557](https://github.com/bitnami/charts/issues/5557) [#5549](https://github.com/bitnami/charts/issues/5549) + +## 3.11.1 (2021-02-18) + +* [bitnami/thanos] Fix query receive service discovery (#5510) ([3fe6864](https://github.com/bitnami/charts/commit/3fe68649e1091f66f9638bfb48cbda3fc01f0d58)), closes [#5510](https://github.com/bitnami/charts/issues/5510) + +## 3.11.0 (2021-02-18) + +* [bitnami/thanos] Fixing local-endpoint to work also with scaling. (#5504) ([ed1a655](https://github.com/bitnami/charts/commit/ed1a6551e61f1081445fbfd437101f6bd5301d40)), closes [#5504](https://github.com/bitnami/charts/issues/5504) + +## 3.10.1 (2021-02-17) + +* [bitnami/thanos] fix receive serviceaccount ref to ruler (#5486) ([1b3b6ea](https://github.com/bitnami/charts/commit/1b3b6ea089dfa8239bce9011f5490db2148806e6)), closes [#5486](https://github.com/bitnami/charts/issues/5486) + +## 3.10.0 (2021-02-17) + +* [bitnami/thanos] Add support to configurable replica label (#5512) ([447256b](https://github.com/bitnami/charts/commit/447256b24340c730f4287f3182a7b548ea3a804c)), closes [#5512](https://github.com/bitnami/charts/issues/5512) +* [bitnami/thanos] Fix extraHosts fullnameOverride nil pointer (#5499) ([c813f9a](https://github.com/bitnami/charts/commit/c813f9aea8774e1034c1f29ecd65e51f5d3acc0f)), closes [#5499](https://github.com/bitnami/charts/issues/5499) + +## 3.9.1 (2021-02-16) + +* Fix permissions image in thanos (#5506) ([30b36be](https://github.com/bitnami/charts/commit/30b36be27b08f36351a3a0d6b32a32e89b9885e1)), closes [#5506](https://github.com/bitnami/charts/issues/5506) + +## 3.9.0 (2021-02-15) + +* [bitnami/thanos] Added support for headless (SRV Records) and Ingress for thanos receiver. (#5475) ([951c828](https://github.com/bitnami/charts/commit/951c82830ed1b973d43e17c72b51b741bc1e955d)), closes [#5475](https://github.com/bitnami/charts/issues/5475) + +## 3.8.6 (2021-02-15) + +* [bitnami/thanos] fix query TLS client in a modular way (#5437) (#5457) ([bbbf490](https://github.com/bitnami/charts/commit/bbbf490439643e885529c1c4f25aeb7c9c29dc93)), closes [#5437](https://github.com/bitnami/charts/issues/5437) [#5457](https://github.com/bitnami/charts/issues/5457) [#5437](https://github.com/bitnami/charts/issues/5437) [#3988](https://github.com/bitnami/charts/issues/3988) + +## 3.8.5 (2021-02-12) + +* [bitnami/thanos] Add receive to query dns discovery (#5467) ([0e3d0d6](https://github.com/bitnami/charts/commit/0e3d0d6ad38ea5d085177befb9ce08ba2d675783)), closes [#5467](https://github.com/bitnami/charts/issues/5467) + +## 3.8.4 (2021-02-10) + +* bitnami/thanos - Thanos Receive fixes (#5430) ([eaffdc0](https://github.com/bitnami/charts/commit/eaffdc080719c891827aad846dd8d35baaaefd40)), closes [#5430](https://github.com/bitnami/charts/issues/5430) + +## 3.8.3 (2021-02-08) + +* Update MinIO references, titles, descriptions and disclaimer (#5419) ([99fb55a](https://github.com/bitnami/charts/commit/99fb55a65204405943730cae845d755836a7026c)), closes [#5419](https://github.com/bitnami/charts/issues/5419) + +## 3.8.2 (2021-02-08) + +* [bitnami/thanos] Update ingress.yaml on all components to fix bad ingress behavior. (#5406) ([fe9bde9](https://github.com/bitnami/charts/commit/fe9bde9083136d3c4ad35400eaf29287017e031f)), closes [#5406](https://github.com/bitnami/charts/issues/5406) + +## 3.8.1 (2021-02-04) + +* [bitnami/several] Fix template issue when using ingress secrets (#5373) ([7fd5ea5](https://github.com/bitnami/charts/commit/7fd5ea5ad2d46f5bad85585e04844add77cc4885)), closes [#5373](https://github.com/bitnami/charts/issues/5373) + +## 3.8.0 (2021-02-02) + +* [bitnami/several] Monthly trademark review (#5375) ([307a73d](https://github.com/bitnami/charts/commit/307a73dcca857e4b567113113142c68b6eaf85e0)), closes [#5375](https://github.com/bitnami/charts/issues/5375) +* [bitnami/thanos] Add storegateway secret grpc server tls support (#5344) ([307c637](https://github.com/bitnami/charts/commit/307c637c1a4c14eab0fee4eb119aa5fa464e9b2b)), closes [#5344](https://github.com/bitnami/charts/issues/5344) + +## 3.7.1 (2021-02-01) + +* [bitnami/thanos] Release 3.7.1 updating components versions ([5adb4ea](https://github.com/bitnami/charts/commit/5adb4ea1b6a427a0790a8a3d99c2276acf7f47d4)) + +## 3.7.0 (2021-01-29) + +* [bitnami/thanos] Add hostAliases (#5316) ([9d51691](https://github.com/bitnami/charts/commit/9d516918613fef24f2ff1776d94025694aa65c83)), closes [#5316](https://github.com/bitnami/charts/issues/5316) + +## 3.6.0 (2021-01-28) + +* [bitnami/thanos]: query support for mounting existing secret for gRPC TLS confi… (#5058) ([f4f6e10](https://github.com/bitnami/charts/commit/f4f6e10aea0798b147d14ddc7dc838ac3eae3734)), closes [#5058](https://github.com/bitnami/charts/issues/5058) + +## 3.5.0 (2021-01-25) + +* [bitnami/thanos] Add receive component (#5069) ([faa2a87](https://github.com/bitnami/charts/commit/faa2a874ddcf900225820033f31a6303a0d1995e)), closes [#5069](https://github.com/bitnami/charts/issues/5069) + +## 3.4.1 (2021-01-19) + +* [bitnami/*] Change helm version in the prerequisites (#5090) ([c5e67a3](https://github.com/bitnami/charts/commit/c5e67a388743cbee28439d2cabca27884b9daf97)), closes [#5090](https://github.com/bitnami/charts/issues/5090) +* [bitnami/thanos] Drop values-production.yaml support (#5133) ([6ba10e7](https://github.com/bitnami/charts/commit/6ba10e7af5e89133f5147f46f33db43925c38398)), closes [#5133](https://github.com/bitnami/charts/issues/5133) + +## 3.4.0 (2021-01-15) + +* [bitnami/*] Update ingress for serveral charts (#5012) ([e3bb5a6](https://github.com/bitnami/charts/commit/e3bb5a6e3613d3aefef5561aa3644b34d4cf8a2c)), closes [#5012](https://github.com/bitnami/charts/issues/5012) + +## 3.3.2 (2021-01-07) + +* [bitnami/thanos] Release 3.3.2 updating components versions ([e135c0e](https://github.com/bitnami/charts/commit/e135c0ef3067a16887921205fc0788511b317d53)) + +## 3.3.1 (2021-01-07) + +* [bitnami/minio,harbor,thanos,pytorch] Add trademark to MinIO (#4901) ([54e4bd7](https://github.com/bitnami/charts/commit/54e4bd7b97cf808d378c05361609922d3be3a1a0)), closes [#4901](https://github.com/bitnami/charts/issues/4901) + +## 3.3.0 (2020-12-15) + +* [bitnami/*] Affinity based on common presets (viii) (#4721) ([950ac9c](https://github.com/bitnami/charts/commit/950ac9cd4d3914b7ffe7966b75876f416e479883)), closes [#4721](https://github.com/bitnami/charts/issues/4721) +* [bitnami/*] fix typos (#4699) ([49adc63](https://github.com/bitnami/charts/commit/49adc63b672da976c55af2e077aa5648a357b77f)), closes [#4699](https://github.com/bitnami/charts/issues/4699) + +## 3.2.4 (2020-12-11) + +* [bitnami/*] Update dependencies (#4694) ([2826c12](https://github.com/bitnami/charts/commit/2826c125b42505f28431301e3c1bbe5366e47a01)), closes [#4694](https://github.com/bitnami/charts/issues/4694) + +## 3.2.3 (2020-12-08) + +* [bitnami/thanos] Release 3.2.3 updating components versions ([ef69f62](https://github.com/bitnami/charts/commit/ef69f62151d1d22a2b4d49452e8b7560ebae8dda)) + +## 3.2.2 (2020-12-01) + +* [bitnami/thanos] Reorder HPA to prevent GitOps Diff (#4531) ([7acaf67](https://github.com/bitnami/charts/commit/7acaf674406cbbf1022221efdd445bee47e8a19e)), closes [#4531](https://github.com/bitnami/charts/issues/4531) + +## 3.2.1 (2020-11-26) + +* [bitnami/thanos] Release 3.2.1 updating components versions ([09caa98](https://github.com/bitnami/charts/commit/09caa986155b481dfb420e6fe49ebc68483faee4)) + +## 3.2.0 (2020-11-25) + +* [bitnami/thanos] allow $component.extraFlags to contain multi-line strings (#4473) ([2a349c6](https://github.com/bitnami/charts/commit/2a349c6e5748f1306bbf599870f511170b0a406a)), closes [#4473](https://github.com/bitnami/charts/issues/4473) + +## 3.1.1 (2020-11-25) + +* [bitnami/thanos] Release 3.1.1 updating components versions ([52b2238](https://github.com/bitnami/charts/commit/52b223822ce72b28961774a047018021fcbc34b8)) + +## 3.1.0 (2020-11-24) + +* [bitnami/thanos] rename querier component to query (#4307) ([b9cc743](https://github.com/bitnami/charts/commit/b9cc743812f3d1d9cd1e6b98bfafc9cea4ca32d4)), closes [#4307](https://github.com/bitnami/charts/issues/4307) + +## 3.0.1 (2020-11-19) + +* [bitnami/thanos] Release 3.0.1 updating components versions ([6339dc6](https://github.com/bitnami/charts/commit/6339dc69905d285713c4afb3bb3e33103ebaf317)) + +## 3.0.0 (2020-11-11) + +* [bitnami/thanos] Major version. Adapt Chart to apiVersion: v2 (#4317) ([5ec13cb](https://github.com/bitnami/charts/commit/5ec13cbbd6ef2c9f2e235a7b408a003f6ff7f621)), closes [#4317](https://github.com/bitnami/charts/issues/4317) + +## 2.7.1 (2020-11-11) + +* fix(thanos): add configmap checksum annotation to query-frontend and storegateway (#4247) ([a604dcd](https://github.com/bitnami/charts/commit/a604dcd385c01c998b392911a0d917532414277c)), closes [#4247](https://github.com/bitnami/charts/issues/4247) + +## 2.7.0 (2020-11-11) + +* [bitnami/thanos] fix: add tls switch to enable TLS with cert-manager for querier and bucketweb ingre ([85e5867](https://github.com/bitnami/charts/commit/85e586758c7a5e02422ef3d1650695e22a335767)), closes [#4218](https://github.com/bitnami/charts/issues/4218) + +## 2.6.0 (2020-11-05) + +* [bitnami/*] Include link to Troubleshootin guide on README.md (#4136) ([c08a20e](https://github.com/bitnami/charts/commit/c08a20e3db004215383004ff023a73fcc2522e72)), closes [#4136](https://github.com/bitnami/charts/issues/4136) +* [bitnami/thanos] allow overriding service selectors (#4211) ([843594f](https://github.com/bitnami/charts/commit/843594f61bde8c91396d2aa4a840575c71fdd188)), closes [#4211](https://github.com/bitnami/charts/issues/4211) + +## 2.5.3 (2020-10-26) + +* [bitnami/thanos] Release 2.5.3 updating components versions ([e4f2983](https://github.com/bitnami/charts/commit/e4f2983c999414edf3b053cfa99488c7cb8e0356)) + +## 2.5.2 (2020-10-26) + +* Split Thanos ingress.yaml into two separate ingresses (#4101) ([3362d74](https://github.com/bitnami/charts/commit/3362d743a2a837a8fd4d86e5c84cf4f9b694098c)), closes [#4101](https://github.com/bitnami/charts/issues/4101) + +## 2.5.1 (2020-10-23) + +* [bitnami/thanos] Expose missing podManagementPolicy key for statefulset (#4092) ([9704c29](https://github.com/bitnami/charts/commit/9704c29795b7a8a0258f14d4d030da23acba71c2)), closes [#4092](https://github.com/bitnami/charts/issues/4092) + +## 2.5.0 (2020-10-21) + +* [bitnami/thanos] Add Thanos Query Frontend (#4009) ([3abd227](https://github.com/bitnami/charts/commit/3abd2270bef740d4bd054b831566ea3a09bf7437)), closes [#4009](https://github.com/bitnami/charts/issues/4009) +* Update README.md ([a78ebe0](https://github.com/bitnami/charts/commit/a78ebe00cadc6d97e3a08a1e28af305ffc67324c)) + +## 2.4.6 (2020-10-14) + +* feat(thanos): Enable thanos TLS client in a modular way (#3989) ([28a4845](https://github.com/bitnami/charts/commit/28a4845ae3c645b7dbda8f13cddb441b58dbe53e)), closes [#3989](https://github.com/bitnami/charts/issues/3989) + +## 2.4.5 (2020-10-08) + +* [bitnami/thanos] Release 2.4.5 updating components versions ([53ed3f2](https://github.com/bitnami/charts/commit/53ed3f2c41801df698abcdf06967756dc31fbbec)) + +## 2.4.4 (2020-10-02) + +* [bitnami/thanos] added psp for thanos querier (#3819) ([8976ec4](https://github.com/bitnami/charts/commit/8976ec476ac5e8068752536e49686164ae417ca4)), closes [#3819](https://github.com/bitnami/charts/issues/3819) + +## 2.4.3 (2020-10-02) + +* [bitnami/thanos] Use GRPC extra hosts for thanos querier (#3837) ([94b5825](https://github.com/bitnami/charts/commit/94b58258528eaea60661515c9c9fb6240a84ee43)), closes [#3837](https://github.com/bitnami/charts/issues/3837) + +## 2.4.2 (2020-09-28) + +* [bitnami/thanos] fixes thanos querier sdconfig mount as file, not as path (#3789) ([840d880](https://github.com/bitnami/charts/commit/840d880e5cd52599b73831348172fd187be1f263)), closes [#3789](https://github.com/bitnami/charts/issues/3789) + +## 2.4.1 (2020-09-16) + +* [bitnami/thanos] Querier allow multiple replica labels (#3682) ([0e2351f](https://github.com/bitnami/charts/commit/0e2351f89caabffa14cb96b09a67db57cbd5f19b)), closes [#3682](https://github.com/bitnami/charts/issues/3682) + +## 2.4.0 (2020-09-15) + +* [bitnami/thanos] Fixes for Ingresses of Querier and Bucketweb in Thanos Chart (#3652) ([b96af28](https://github.com/bitnami/charts/commit/b96af28eea219edfc1b90d130cb6453cc779774b)), closes [#3652](https://github.com/bitnami/charts/issues/3652) + +## 2.3.4 (2020-09-08) + +* [bitnami/thanos] Release 2.3.4 updating components versions ([c30dd7f](https://github.com/bitnami/charts/commit/c30dd7f95a3ca1bafbb8e114c8985c65c6a74781)) + +## 2.3.3 (2020-09-07) + +* [bitnami/metrics-server] Add source repo (#3577) ([1ed12f9](https://github.com/bitnami/charts/commit/1ed12f96af75322b46afdb2b3d9907c11b13f765)), closes [#3577](https://github.com/bitnami/charts/issues/3577) +* [bitnami/thanos] fix thanos ruler alert label drop (#3599) ([f34abeb](https://github.com/bitnami/charts/commit/f34abebec50b3751707abffc07d7b70d51a229ee)), closes [#3599](https://github.com/bitnami/charts/issues/3599) + +## 2.3.2 (2020-08-19) + +* Fix mountPath for existingObjstoreSecretItems (#3452) ([f5d4b4d](https://github.com/bitnami/charts/commit/f5d4b4d90efa141a329ba91d1b197641b9e34661)), closes [#3452](https://github.com/bitnami/charts/issues/3452) + +## 2.3.1 (2020-08-14) + +* fix(thanos) change objstore mount path for ruler (#3396) ([277cf7c](https://github.com/bitnami/charts/commit/277cf7cd9b0bfd19a85a49e4b1f6bb903dbc8bb0)), closes [#3396](https://github.com/bitnami/charts/issues/3396) + +## 2.3.0 (2020-08-12) + +* [bitnami/thanos]Add option to configure index storegateway (#3400) ([7bc2bce](https://github.com/bitnami/charts/commit/7bc2bce7094247f9e37a658b66fd1998a349b1df)), closes [#3400](https://github.com/bitnami/charts/issues/3400) + +## 2.2.0 (2020-08-12) + +* [bitnami/thanos] Add cache configuration blocks to Thanos store. Index and Bucket (#3387) ([2f2e1dd](https://github.com/bitnami/charts/commit/2f2e1ddcc594c1a6538c1820867862775e009740)), closes [#3387](https://github.com/bitnami/charts/issues/3387) [#3384](https://github.com/bitnami/charts/issues/3384) [#3384](https://github.com/bitnami/charts/issues/3384) + +## 2.1.1 (2020-08-07) + +* Hotfix. Didn't remove filename in mountPath (#3359) ([991b553](https://github.com/bitnami/charts/commit/991b553d4903dffcc0170874bb6d780be9ab0e65)), closes [#3359](https://github.com/bitnami/charts/issues/3359) + +## 2.1.0 (2020-08-07) + +* During PR version got bumped by bot. Fix it with new version (#3356) ([dc51a5b](https://github.com/bitnami/charts/commit/dc51a5bcb62621c95209e2ae9798003640975675)), closes [#3356](https://github.com/bitnami/charts/issues/3356) +* Move ruler rules to seperate folder (#3323) ([4f0976f](https://github.com/bitnami/charts/commit/4f0976fdbd80be747818174e8dc0ceabc67dfaa8)), closes [#3323](https://github.com/bitnami/charts/issues/3323) +* Update README.md ([939c616](https://github.com/bitnami/charts/commit/939c6166d75a4fcdd70fbc759e8847b69353996e)) + +## 2.0.1 (2020-08-05) + +* [bitnami/*] Fix TL;DR typo in READMEs (#3280) ([3d7ab40](https://github.com/bitnami/charts/commit/3d7ab406fecd64f1af25f53e7d27f03ec95b29a4)), closes [#3280](https://github.com/bitnami/charts/issues/3280) +* [bitnami/thanos] Release 2.0.1 updating components versions ([66139a3](https://github.com/bitnami/charts/commit/66139a37263bd84a2534df4ed75a8affe8d1ef13)) + +## 2.0.0 (2020-07-30) + +* [bitnami/thanos] Improve the way boolean/multi flags are passed (#3245) ([8131746](https://github.com/bitnami/charts/commit/81317464e6bed9c8cf6b5058db3f9cdc7c7518cb)), closes [#3245](https://github.com/bitnami/charts/issues/3245) + +## 1.4.1 (2020-07-21) + +* [bitnami/thanos] Release 1.4.1 updating components versions ([0a06d57](https://github.com/bitnami/charts/commit/0a06d579e8e4ffc2752e00a09dd1bccccc881300)) + +## 1.4.0 (2020-07-21) + +* [bitnami/thanos] Additional labels for Prometheus ServiceMonitor (#3160) ([55b6e9f](https://github.com/bitnami/charts/commit/55b6e9fbaa6fe98c36224122c0f61e0048e5454f)), closes [#3160](https://github.com/bitnami/charts/issues/3160) + +## 1.3.4 (2020-07-15) + +* [bitnami/thanos] Release 1.3.4 updating components versions ([3c3f801](https://github.com/bitnami/charts/commit/3c3f801156d19f2cbb94a5d31e79c4af80a7e364)) + +## 1.3.3 (2020-07-13) + +* [bitnami/all] Add categories (#3075) ([63bde06](https://github.com/bitnami/charts/commit/63bde066b87a140fab52264d0522401ab3d63509)), closes [#3075](https://github.com/bitnami/charts/issues/3075) +* [bitnami/thanos] Drop the replica label on alerts for Ruler (#3051) ([d2b35dc](https://github.com/bitnami/charts/commit/d2b35dc934f9a9c226e35f28e8cfb2b74ac10e56)), closes [#3051](https://github.com/bitnami/charts/issues/3051) + +## 1.3.2 (2020-07-10) + +* guard servername verification for tls client auth (#3081) ([6687d63](https://github.com/bitnami/charts/commit/6687d6318760fb5b6064eedca83c0ecf98f6c215)), closes [#3081](https://github.com/bitnami/charts/issues/3081) + +## 1.3.1 (2020-07-09) + +* [bitnami/thanos] Release 1.3.1 updating components versions ([8285ada](https://github.com/bitnami/charts/commit/8285ada326f4e76177108b65f9bdf3fa5164a134)) + +## 1.3.0 (2020-07-09) + +* [bitnami/thanos] grpc tls server/client for thanos querier (#3042) ([4bc2362](https://github.com/bitnami/charts/commit/4bc2362f8c8e4d08ac4d25b760a68a1df305e390)), closes [#3042](https://github.com/bitnami/charts/issues/3042) + +## 1.2.1 (2020-07-08) + +* [bitnami/thanos] Release 1.2.1 updating components versions ([cf93930](https://github.com/bitnami/charts/commit/cf93930b638764b656e6c8174e3131f155eea49f)) + +## 1.2.0 (2020-07-08) + +* [bitnami/thanos] add existing serviceaccount support (#3037) ([68f2496](https://github.com/bitnami/charts/commit/68f249615cba23f9dbe9f56bbf9252a7b4f9e744)), closes [#3037](https://github.com/bitnami/charts/issues/3037) + +## 1.1.3 (2020-07-03) + +* [bitnami/thanos] Release 1.1.3 updating components versions ([7780a70](https://github.com/bitnami/charts/commit/7780a708a3c5fb2e68e05b725f587e0cc55d70af)) + +## 1.1.2 (2020-06-29) + +* [bitnami/thanos] Fix bucket command (#2934) ([1122391](https://github.com/bitnami/charts/commit/1122391a57cf3222cd6393a5fe85baaf677f4b09)), closes [#2934](https://github.com/bitnami/charts/issues/2934) + +## 1.1.1 (2020-06-22) + +* [bitnami/thanos] Release 1.1.1 updating components versions ([63bff36](https://github.com/bitnami/charts/commit/63bff36cf31bd2032bd94fbe507d7e95eb78336a)) + +## 1.1.0 (2020-06-02) + +* [bitnami/thanos] Add Ingress for Querier GRPC service (#2702) ([f3a624f](https://github.com/bitnami/charts/commit/f3a624f5e0508a39d9c6aed00af9342b749c479f)), closes [#2702](https://github.com/bitnami/charts/issues/2702) + +## 1.0.2 (2020-05-29) + +* [bitnami/thanos] Release 1.0.2 updating components versions ([f17b87d](https://github.com/bitnami/charts/commit/f17b87d0a6cf96bf5345579bf8633ab6eabd6655)) + +## 1.0.1 (2020-05-29) + +* [bitnami/thanos] fix tolerations defaults (#2699) ([1ddeb18](https://github.com/bitnami/charts/commit/1ddeb18c7bbdb559a59e210887114286d3dc0428)), closes [#2699](https://github.com/bitnami/charts/issues/2699) + +## 1.0.0 (2020-05-28) + +* [bitnami/thanos]: Move querier Ingress config to querier section (#2684) ([bb25f72](https://github.com/bitnami/charts/commit/bb25f72d4dd9e686485853106abbf2e034eabfa3)), closes [#2684](https://github.com/bitnami/charts/issues/2684) + +## 0.7.0 (2020-05-26) + +* [bitnami/thanos]: Add bucketweb Ingress resource (#2656) ([d9ae4b8](https://github.com/bitnami/charts/commit/d9ae4b89a4d846c4848e3dcbc94713c70402b5b6)), closes [#2656](https://github.com/bitnami/charts/issues/2656) + +## 0.6.0 (2020-05-26) + +* [bitnami/thanos]: Add HPA for Thanos storegateway (#2643) ([0705d14](https://github.com/bitnami/charts/commit/0705d14063d28c3951d6ef5de6a5ba9f41a47b8f)), closes [#2643](https://github.com/bitnami/charts/issues/2643) +* update bitnami/common to be compatible with helm v2.12+ (#2615) ([c7751eb](https://github.com/bitnami/charts/commit/c7751eb5764e468e1854b58a1b8491d2b13e0a4a)), closes [#2615](https://github.com/bitnami/charts/issues/2615) + +## 0.5.3 (2020-04-30) + +* [bitnami/thanos] Release 0.5.3 updating components versions ([c24909e](https://github.com/bitnami/charts/commit/c24909e001f70993475b057c58540d5fdcc5f3b5)) + +## 0.5.2 (2020-04-22) + +* [bitnami/thanos] Release 0.5.2 updating components versions ([b770b87](https://github.com/bitnami/charts/commit/b770b87ee98fb045e205b7e4070922288ff91161)) + +## 0.5.1 (2020-04-22) + +* [bitnami/thanos] Release 0.5.1 updating components versions ([cd05d59](https://github.com/bitnami/charts/commit/cd05d59d7f9ae68a830f516c81142bab2bf9407f)) + +## 0.5.0 (2020-04-21) + +* [bitnami/thanos] provide Objstore config via secret (#2366) ([65354b2](https://github.com/bitnami/charts/commit/65354b2bef5f3d1c1bae0da7b1d6bbcecf60eee6)), closes [#2366](https://github.com/bitnami/charts/issues/2366) [#2366](https://github.com/bitnami/charts/issues/2366) + +## 0.4.3 (2020-04-16) + +* [bitnami/thanos bitnami/memcached] Add global storageClass (#2344) ([693978d](https://github.com/bitnami/charts/commit/693978d6f21ccb3c1f721e47fbb53fa09addc519)), closes [#2344](https://github.com/bitnami/charts/issues/2344) + +## 0.4.2 (2020-04-15) + +* [bitnami/thanos] Release 0.4.2 updating components versions ([55cd51b](https://github.com/bitnami/charts/commit/55cd51b62d589180931369240e44036b7f961390)) + +## 0.4.1 (2020-04-13) + +* [bitnami/thanos] Release 0.4.1 updating components versions ([337ecf0](https://github.com/bitnami/charts/commit/337ecf0922402e3877c2d0f0eece49923b1beee3)) + +## 0.4.0 (2020-04-10) + +* [bitnami/thanos] Add support to create Headless services (#2263) ([a8f82eb](https://github.com/bitnami/charts/commit/a8f82eb66057a1156797fed8c773cb3019adef3d)), closes [#2263](https://github.com/bitnami/charts/issues/2263) + +## 0.3.2 (2020-04-08) + +* [bitnami/thanos] Add missing podAnnotations (#2250) ([231d067](https://github.com/bitnami/charts/commit/231d067d2a6a7d4eeada5705048ea11981a96cd2)), closes [#2250](https://github.com/bitnami/charts/issues/2250) + +## 0.3.1 (2020-04-07) + +* [bitnami/thanos] Release 0.3.1 updating components versions ([81bf5e2](https://github.com/bitnami/charts/commit/81bf5e2677c7d2bc3bf7387fa49b2d49bb23d53f)) + +## 0.3.0 (2020-04-07) + +* [bitnami/thanos] Adds support to add annotations to Service Accounts (#2182) ([50576ec](https://github.com/bitnami/charts/commit/50576ece3985a62cdee90b3e22d0a23e1e7e606e)), closes [#2182](https://github.com/bitnami/charts/issues/2182) + +## 0.2.2 (2020-03-20) + +* [bitnami/thanos] Release 0.2.2 updating components versions ([11bba72](https://github.com/bitnami/charts/commit/11bba729d16f427c98abe410fa772bbcb4e4c841)) + +## 0.2.1 (2020-03-16) + +* [bitnami/thanos] Release 0.2.1 updating components versions ([d892bf6](https://github.com/bitnami/charts/commit/d892bf6aec753af3dc043801721d58a8d8389896)) + +## 0.2.0 (2020-03-12) + +* [bitnami/thanos] use the `tpl` function in querier of helm3 (#2024) ([2982a65](https://github.com/bitnami/charts/commit/2982a65558e558c002e9f1337923e90b2de7e235)), closes [#2024](https://github.com/bitnami/charts/issues/2024) [#2024](https://github.com/bitnami/charts/issues/2024) + +## 0.1.10 (2020-03-12) + +* [bitnami/thanos] Release 0.1.10 updating components versions ([1d8c059](https://github.com/bitnami/charts/commit/1d8c059f808fe58e26fdc21f2deb2878c911c8b0)) + +## 0.1.9 (2020-03-11) + +* Move charts from upstreamed folder to bitnami (#2032) ([a0e44f7](https://github.com/bitnami/charts/commit/a0e44f7d6a10b8b5643186130ea420887cb72c7c)), closes [#2032](https://github.com/bitnami/charts/issues/2032) + +## 0.1.8 (2020-03-10) + +* [bitnami/thanos] Fix pvc creation on compactor.enabled = false (#2020) ([b4fe943](https://github.com/bitnami/charts/commit/b4fe9435b7fc4eaf7034b2ddfa3b77e7a87e5bd0)), closes [#2020](https://github.com/bitnami/charts/issues/2020) + +## 0.1.7 (2020-03-02) + +* [bitnami/thanos] Release 0.1.7 updating components versions ([da01f27](https://github.com/bitnami/charts/commit/da01f27cc3fe8ec137368753ac7dc1a13307c804)) + +## 0.1.6 (2020-02-27) + +* [bitnami/thanos] Release 0.1.6 updating components versions ([c47901b](https://github.com/bitnami/charts/commit/c47901bed7af3a0ca82bdfc5fd7be6e988a4e934)) + +## 0.1.5 (2020-02-25) + +* fixed indentation in thanos compactor pvc.yaml (#1970) ([8cea393](https://github.com/bitnami/charts/commit/8cea3931545d805dbc326578151fe77884f82fdc)), closes [#1970](https://github.com/bitnami/charts/issues/1970) + +## 0.1.4 (2020-02-20) + +* [bitnami/thanos] Release 0.1.4 updating components versions ([883a3fb](https://github.com/bitnami/charts/commit/883a3fb4bcefa10aeba490f5f6a26bd4269ad753)) + +## 0.1.3 (2020-02-19) + +* [bitnami/*] Fix requirements.lock (#1950) ([1fa6eb9](https://github.com/bitnami/charts/commit/1fa6eb9f56ea7c47a7425a33417edb8eb366a180)), closes [#1950](https://github.com/bitnami/charts/issues/1950) + +## 0.1.2 (2020-02-18) + +* [bitnami/thanos] Release 0.1.2 updating components versions ([32957fd](https://github.com/bitnami/charts/commit/32957fd43c98f041e404aca7d89e76e3f0a08bfb)) +* Fix Thanos 'requirements.lock' (#1923) ([313456a](https://github.com/bitnami/charts/commit/313456a9a5146c3c18e88e8accdc4898b1441e34)), closes [#1923](https://github.com/bitnami/charts/issues/1923) + +## 0.1.1 (2020-02-13) + +* [bitnami/thanos] Use buster in secondary images (#1919) ([3e62376](https://github.com/bitnami/charts/commit/3e623769685147b10d0f37af25764ad6cb9637c7)), closes [#1919](https://github.com/bitnami/charts/issues/1919) + +## 0.1.0 (2020-02-12) + +* Add new chart: Thanos (#1893) ([e58eff5](https://github.com/bitnami/charts/commit/e58eff5ba61dc815349d319c6f057009f0705d88)), closes [#1893](https://github.com/bitnami/charts/issues/1893) diff --git a/charts/thanos/Chart.lock b/charts/thanos/Chart.lock new file mode 100644 index 0000000000..5d93e36532 --- /dev/null +++ b/charts/thanos/Chart.lock @@ -0,0 +1,9 @@ +dependencies: +- name: minio + repository: oci://registry-1.docker.io/bitnamicharts + version: 14.6.28 +- name: common + repository: oci://registry-1.docker.io/bitnamicharts + version: 2.20.5 +digest: sha256:3e6ba21a7983d39ba1eff3422cf24d5c2dce3cf4042d98e85a1f13d3379c6e44 +generated: "2024-07-25T10:14:29.616420151Z" diff --git a/charts/thanos/Chart.yaml b/charts/thanos/Chart.yaml new file mode 100644 index 0000000000..1176c8df5d --- /dev/null +++ b/charts/thanos/Chart.yaml @@ -0,0 +1,34 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +annotations: + category: Analytics + licenses: Apache-2.0 + images: | + - name: os-shell + image: docker.io/bitnami/os-shell:12-debian-12-r27 + - name: thanos + image: docker.io/bitnami/thanos:0.35.1-debian-12-r5 +apiVersion: v2 +appVersion: 0.35.1 +dependencies: +- name: common + repository: oci://registry-1.docker.io/bitnamicharts + tags: + - bitnami-common + version: 2.x.x +description: Thanos is a highly available metrics system that can be added on top of existing Prometheus deployments, providing a global query view across all Prometheus installations. +home: https://bitnami.com +icon: https://bitnami.com/assets/stacks/thanos/img/thanos-stack-220x234.png +keywords: +- analytics +- monitoring +- prometheus +- thanos +maintainers: +- name: Broadcom, Inc. All Rights Reserved. + url: https://github.com/bitnami/charts +name: thanos +sources: +- https://github.com/bitnami/charts/tree/main/bitnami/thanos +version: 15.7.15 diff --git a/charts/thanos/README.md b/charts/thanos/README.md new file mode 100644 index 0000000000..c9d9161d53 --- /dev/null +++ b/charts/thanos/README.md @@ -0,0 +1,1857 @@ + + +# Bitnami package for Thanos + +Thanos is a highly available metrics system that can be added on top of existing Prometheus deployments, providing a global query view across all Prometheus installations. + +[Overview of Thanos](https://thanos.io/) + +Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. + +## TL;DR + +```console +helm install my-release oci://registry-1.docker.io/bitnamicharts/thanos +``` + +Looking to use Thanos in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Introduction + +This chart bootstraps a [Thanos](https://github.com/bitnami/containers/tree/main/bitnami/thanos) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. + +## Prerequisites + +- Kubernetes 1.23+ +- Helm 3.8.0+ +- PV provisioner support in the underlying infrastructure + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/thanos +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. + +These commands deploy Thanos on the Kubernetes cluster with the default configuration. The [configuration](#configuration-and-installation-details) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Architecture + +This charts allows you install several Thanos components, so you deploy an architecture as the one below: + +```text + +--------------+ +--------------+ +--------------+ + | Thanos |----------------> | Thanos Store | | Thanos | + | Query | | | Gateway | | Compactor | + +--------------+ | +--------------+ +--------------+ + push | | | ++--------------+ alerts +--------------+ | | storages | Downsample & +| Alertmanager | <----------| Thanos | <----| | query metrics | compact blocks +| (*) | | Ruler | | | | ++--------------+ +--------------+ | \/ | + ^ | | +----------------+ | + | push alerts +--------------|----> | MinIO® (*) | <---------+ + | | | | ++------------------------------+ | +----------------+ +|+------------+ +------------+| | ^ +|| Prometheus |->| Thanos || <----------------+ | +|| (*) |<-| Sidecar (*)|| query | inspect +|+------------+ +------------+| metrics | blocks ++------------------------------+ | + +--------------+ + | Thanos | + | Bucket Web | + +--------------+ +``` + +> Note: Components marked with (*) are provided by subchart(s) (such as the [Bitnami MinIO® chart](https://github.com/bitnami/charts/tree/main/bitnami/minio)) or external charts (such as the [Bitnami kube-prometheus chart](https://github.com/bitnami/charts/tree/main/bitnami/kube-prometheus)). + +Check the section [Integrate Thanos with Prometheus and Alertmanager](#integrate-thanos-with-prometheus-and-alertmanager) for detailed instructions to deploy this architecture. + +## Configuration and installation details + +### Resource requests and limits + +Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. + +To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). + +### [Rolling VS Immutable tags](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. + +### Adding extra flags + +In case you want to add extra flags to any Thanos component, you can use `XXX.extraFlags` parameter(s), where XXX is placeholder you need to replace with the actual component(s). For instance, to add extra flags to Thanos Store Gateway, use: + +```yaml +storegateway: + extraFlags: + - --sync-block-duration=3m + - --chunk-pool-size=2GB +``` + +This also works for multi-line flags. This can be useful when you want to configure caching for a particular component without using a configMap. For example, to configure the [query-range response cache of the Thanos Query Frontend](https://thanos.io/tip/components/query-frontend.md/#memcached), use: + +```yaml +queryFrontend: + extraFlags: + - | + --query-range.response-cache-config= + type: MEMCACHED + config: + addresses: + - :11211 + timeout: 500ms + max_idle_connections: 100 + max_async_concurrency: 10 + max_async_buffer_size: 10000 + max_get_multi_concurrency: 100 + max_get_multi_batch_size: 0 + dns_provider_update_interval: 10s + expiration: 24h +``` + +### Using custom Objstore configuration + +This helm chart supports using custom Objstore configuration. + +You can specify the Objstore configuration using the `objstoreConfig` parameter. + +In addition, you can also set an external Secret with the configuration file. This is done by setting the `existingObjstoreSecret` parameter. Note that this will override the previous option. If needed you can also provide a custom Secret Key with `existingObjstoreSecretItems`, please be aware that the Path of your Secret should be `objstore.yml`. + +### Using custom Query Service Discovery configuration + +This helm chart supports using custom Service Discovery configuration for Query. + +You can specify the Service Discovery configuration using the `query.sdConfig` parameter. + +In addition, you can also set an external ConfigMap with the Service Discovery configuration file. This is done by setting the `query.existingSDConfigmap` parameter. Note that this will override the previous option. + +### Using custom Ruler configuration + +This helm chart supports using custom Ruler configuration. + +You can specify the Ruler configuration using the `ruler.config` parameter. + +In addition, you can also set an external ConfigMap with the configuration file. This is done by setting the `ruler.existingConfigmap` parameter. Note that this will override the previous option. + +### Running Thanos with HTTPS and basic authentication + +This helm charts supports using HTTPS and basic authentication. The underlying feature is experimental and might change in the future, so are the associated settings in the chart. +For more information, please refer to [Thanos documentation](https://thanos.io/tip/operating/https.md/#running-thanos-with-https-and-basic-authentication). + +This feature can be enabled by using the following values: + +- `https.enabled=true`. Enabling HTTPS requires the user to provide the TLS certificate and Key for Thanos, which can be done using one of the following options: + + - Provide a secret using `https.existingSecret`. The secret must contain the keys `tls.crt` or `tls.key` (key names can be renamed using the values `https.keyFilename` and `https.certFilename`). + - Provide the certificate and key in your values.yaml under the values `https.cert` and `https.key`. + - Use `https.autoGenerated=true`, using this value Helm will generate a self-signed key pair during the chart initialization. Not recommended for production environments. + +- `auth.basicAuthUsers.*`. An dictionary of key / values, where the keys corresponds to the users that will have access to Thanos and the values are the plaintext passwords. Passwords will be later encrypted with bcrypt. +- Alternatively, provide your own Thanos http config file using the value `httpConfig` or `existingHttpConfigSecret`. This may cause any settings under `https.*` or `auth.*` to be ignored, except for the settings related to the TLS certificates. When providing a configuration file using these parameters, the chart Probes will fail to initialize unless one of the following fixes are applied: + - Set `https.enabled` or `auth.basicAuthUsers` with at least one user, matching the configuration file you provided. That way Probes will be configured with HTTPS and/or basic authentication accordingly. + - Configure your own Probes using `.customLivenessProbe`, `.customReadinessProbe` and `.customStartupProbe`. + - **Not recommended**. Disable the Probes. + +### Store time partitions + +Thanos store supports partion based on time. + +Setting time partitions will create N number of store statefulsets based on the number of items in the `timePartitioning` list. Each item must contain the min and max time for querying in the supported format (find more details at [Thanos documentation](https://thanos.io/tip/components/store.md/#time-based-partitioning)). + +> Note: leaving the `timePartitioning` list empty (`[]`) will create a single store for all data. + +For instance, to use 3 stores you can use a **values.yaml** like the one below: + +```yaml +timePartitioning: + # One store for data older than 6 weeks + - min: "" + max: -6w + # One store for data newer than 6 weeks and older than 2 weeks + - min: -6w + max: -2w + # One store for data newer than 2 weeks + - min: -2w + max: "" +``` + +You can also specify different resources and limits configurations for each storegateway statefulset. This is done by adding a `resources.requests` and `resources.limits` to each item you wish to change, as shown below: + +```yaml +timePartitioning: + # One store for data older than 6 weeks + - min: "" + max: -6w + # One store for data newer than 6 weeks and older than 2 weeks + - min: -6w + max: -2w + resources: #optional resources declaration for partition + requests: + cpu: 10m + memory: 100Mi + limits: + cpu: 20m + memory: 100Mi + # One store for data newer than 2 weeks + - min: -2w + max: "" +``` + +### Integrate Thanos with Prometheus and Alertmanager + +You can integrate Thanos with Prometheus & Alertmanager using this chart and the [Bitnami kube-prometheus chart](https://github.com/bitnami/charts/tree/main/bitnami/kube-prometheus) following the steps below: + +> Note: in this example we will use MinIO® (subchart) as the Objstore. Every component will be deployed in the "monitoring" namespace. + +- Create a **values.yaml** like the one below: + +```yaml +objstoreConfig: |- + type: s3 + config: + bucket: thanos + endpoint: {{ include "thanos.minio.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local:9000 + access_key: minio + secret_key: minio123 + insecure: true +query: + dnsDiscovery: + sidecarsService: kube-prometheus-prometheus-thanos + sidecarsNamespace: monitoring +bucketweb: + enabled: true +compactor: + enabled: true +storegateway: + enabled: true +ruler: + enabled: true + alertmanagers: + - http://kube-prometheus-alertmanager.monitoring.svc.cluster.local:9093 + config: |- + groups: + - name: "metamonitoring" + rules: + - alert: "PrometheusDown" + expr: absent(up{prometheus="monitoring/kube-prometheus"}) +metrics: + enabled: true + serviceMonitor: + enabled: true +minio: + enabled: true + auth: + rootPassword: minio123 + rootUser: minio + monitoringBuckets: thanos + accessKey: + password: minio + secretKey: + password: minio123 +``` + +- Install Prometheus Operator and Thanos charts: + +For Helm 3: + +```console +$ kubectl create namespace monitoring +helm install kube-prometheus \ + --set prometheus.thanos.create=true \ + --namespace monitoring \ + bitnami/kube-prometheus +helm install thanos \ + --values values.yaml \ + --namespace monitoring \ + oci://REGISTRY_NAME/REPOSITORY_NAME/thanos +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. + +That's all! Now you have Thanos fully integrated with Prometheus and Alertmanager. + +### Deploy extra resources + +There are cases where you may want to deploy extra objects, such a ConfigMap containing your app's configuration or some extra deployment with a micro service used by your app. For covering this case, the chart allows adding the full specification of other objects using the `extraDeploy` parameter. + +### Setting Pod's affinity + +This chart allows you to set your custom affinity using the `XXX.affinity` parameter(s). Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). + +As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters. + +## Persistence + +The data is persisted by default using PVC(s) on Thanos components. You can disable the persistence setting the `XXX.persistence.enabled` parameter(s) to `false`. A default `StorageClass` is needed in the Kubernetes cluster to dynamically provision the volumes. Specify another StorageClass in the `XXX.persistence.storageClass` parameter(s) or set `XXX.persistence.existingClaim` if you have already existing persistent volumes to use. + +> Note: you need to substitute the XXX placeholders above with the actual component(s) you want to configure. + +### Adjust permissions of persistent volume mountpoint + +As the images run as non-root by default, it is necessary to adjust the ownership of the persistent volumes so that the containers can write data into it. + +By default, the chart is configured to use Kubernetes Security Context to automatically change the ownership of the volumes. However, this feature does not work in all Kubernetes distributions. +As an alternative, this chart supports using an initContainer to change the ownership of the volumes before mounting it in the final destination. + +You can enable this initContainer by setting `volumePermissions.enabled` to `true`. + +## Parameters + +### Global parameters + +| Name | Description | Value | +| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.defaultStorageClass` | Global default StorageClass for Persistent Volume(s) | `""` | +| `global.storageClass` | DEPRECATED: use global.defaultStorageClass instead | `""` | +| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` | + +### Common parameters + +| Name | Description | Value | +| ------------------- | -------------------------------------------------------------------------------------------- | --------------- | +| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | +| `nameOverride` | String to partially override common.names.fullname template (will maintain the release name) | `""` | +| `fullnameOverride` | String to fully override common.names.fullname template | `""` | +| `commonLabels` | Add labels to all the deployed resources | `{}` | +| `commonAnnotations` | Add annotations to all the deployed resources | `{}` | +| `clusterDomain` | Kubernetes Cluster Domain | `cluster.local` | +| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | + +### Thanos common parameters + +| Name | Description | Value | +| ----------------------------- | ----------------------------------------------------------------------------------------------------------------- | ------------------------ | +| `image.registry` | Thanos image registry | `REGISTRY_NAME` | +| `image.repository` | Thanos image repository | `REPOSITORY_NAME/thanos` | +| `image.digest` | Thanos image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | Thanos image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `objstoreConfig` | The [objstore configuration](https://thanos.io/tip/thanos/storage.md/) | `""` | +| `indexCacheConfig` | The [index cache configuration](https://thanos.io/tip/components/store.md/) | `""` | +| `bucketCacheConfig` | The [bucket cache configuration](https://thanos.io/tip/components/store.md/) | `""` | +| `existingObjstoreSecret` | Secret with Objstore Configuration | `""` | +| `existingObjstoreSecretItems` | Optional item list for specifying a custom Secret key. If so, path should be objstore.yml | `[]` | +| `httpConfig` | The [https and basic auth configuration](https://thanos.io/tip/operating/https.md/) | `""` | +| `existingHttpConfigSecret` | Secret containing the HTTPS and Basic auth configuration | `""` | +| `https.enabled` | Set to true to enable HTTPS. Requires a secret containing the certificate and key. | `false` | +| `https.autoGenerated` | Create self-signed TLS certificates. | `false` | +| `https.existingSecret` | Existing secret containing your own server key and certificate | `""` | +| `https.certFilename` | | `tls.crt` | +| `https.keyFilename` | | `tls.key` | +| `https.caFilename` | | `ca.crt` | +| `https.key` | TLS Key for Thanos HTTPS - ignored if existingSecret is provided | `""` | +| `https.cert` | TLS Certificate for Thanos HTTPS - ignored if existingSecret is provided | `""` | +| `https.ca` | (Optional, used for client) CA Certificate for Thanos HTTPS - ignored if existingSecret is provided | `""` | +| `https.clientAuthType` | Server policy for client authentication using certificates. Maps to ClientAuth Policies. | `""` | +| `https.extraTlsServerConfig` | Extra tls_server_config options | `{}` | +| `auth.basicAuthUsers` | Object containing : key-value pairs for each user that will have access via basic authentication | `{}` | + +### Thanos Query parameters + +| Name | Description | Value | +| --------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | +| `query.enabled` | Set to true to enable Thanos Query component | `true` | +| `query.logLevel` | Thanos Query log level | `info` | +| `query.logFormat` | Thanos Query log format | `logfmt` | +| `query.replicaLabel` | Replica indicator(s) along which data is de-duplicated | `["replica"]` | +| `query.dnsDiscovery.enabled` | Enable store APIs discovery via DNS | `true` | +| `query.dnsDiscovery.sidecarsService` | Sidecars service name to discover them using DNS discovery | `""` | +| `query.dnsDiscovery.sidecarsNamespace` | Sidecars namespace to discover them using DNS discovery | `""` | +| `query.stores` | Statically configure store APIs to connect with Thanos Query | `[]` | +| `query.sdConfig` | Query Service Discovery Configuration | `""` | +| `query.existingSDConfigmap` | Name of existing ConfigMap with Ruler configuration | `""` | +| `query.extraEnvVars` | Extra environment variables for Thanos Query container | `[]` | +| `query.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Thanos Query nodes | `""` | +| `query.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Thanos Query nodes | `""` | +| `query.extraFlags` | Extra Flags to passed to Thanos Query | `[]` | +| `query.command` | Override default container command (useful when using custom images) | `[]` | +| `query.args` | Override default container args (useful when using custom images) | `[]` | +| `query.replicaCount` | Number of Thanos Query replicas to deploy | `1` | +| `query.revisionHistoryLimit` | The number of old history to retain to allow rollback | `10` | +| `query.updateStrategy.type` | Update strategy type for Thanos Query replicas | `RollingUpdate` | +| `query.containerPorts.http` | HTTP container port | `10902` | +| `query.containerPorts.grpc` | HTTP container port | `10901` | +| `query.podSecurityContext.enabled` | Enable security context for the Thanos Query pods | `true` | +| `query.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `query.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `query.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `query.podSecurityContext.fsGroup` | Group ID for the filesystem used by Thanos Query pods | `1001` | +| `query.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `query.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `query.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `query.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | +| `query.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `query.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `query.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | +| `query.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `query.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `query.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `query.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if query.resources is set (query.resources is recommended for production). | `nano` | +| `query.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `query.livenessProbe.enabled` | Enable livenessProbe on Thanos Query containers | `true` | +| `query.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | +| `query.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `query.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `30` | +| `query.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `query.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `query.readinessProbe.enabled` | Enable readinessProbe on Thanos Query containers | `true` | +| `query.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | +| `query.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `query.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `30` | +| `query.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `query.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `query.startupProbe.enabled` | Enable startupProbe on Thanos Query containers | `false` | +| `query.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | +| `query.startupProbe.periodSeconds` | Period seconds for startupProbe | `5` | +| `query.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `query.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `query.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `query.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `query.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `query.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `query.initContainers` | Add additional init containers to the Thanos Query pods | `[]` | +| `query.sidecars` | Extra containers running as sidecars to Thanos Query pods | `[]` | +| `query.extraVolumes` | Extra volumes to add to Thanos Query | `[]` | +| `query.extraVolumeMounts` | Extra volume mounts to add to the query container | `[]` | +| `query.podAffinityPreset` | Thanos Query pod affinity preset | `""` | +| `query.podAntiAffinityPreset` | Thanos Query pod anti-affinity preset. Ignored if `query.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `query.podAntiAffinityPresetTopologyKey` | Thanos Query pod anti-affinity topologyKey. Ignored if `query.affinity` is set. | `""` | +| `query.nodeAffinityPreset.type` | Thanos Query node affinity preset type. Ignored if `query.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `query.nodeAffinityPreset.key` | Thanos Query node label key to match Ignored if `query.affinity` is set. | `""` | +| `query.nodeAffinityPreset.values` | Thanos Query node label values to match. Ignored if `query.affinity` is set. | `[]` | +| `query.affinity` | Thanos Query affinity for pod assignment | `{}` | +| `query.nodeSelector` | Thanos Query node labels for pod assignment | `{}` | +| `query.tolerations` | Thanos Query tolerations for pod assignment | `[]` | +| `query.podLabels` | Thanos Query pod labels | `{}` | +| `query.podAnnotations` | Annotations for Thanos Query pods | `{}` | +| `query.dnsConfig` | Deployment pod DNS config | `{}` | +| `query.dnsPolicy` | Deployment pod DNS policy | `""` | +| `query.hostAliases` | Deployment pod host aliases | `[]` | +| `query.lifecycleHooks` | for the Thanos Query container(s) to automate configuration before or after startup | `{}` | +| `query.priorityClassName` | Thanos Query priorityClassName | `""` | +| `query.schedulerName` | Name of the k8s scheduler (other than default) for Thanos Query pods | `""` | +| `query.topologySpreadConstraints` | Topology Spread Constraints for Thanos Query pods assignment spread across your cluster among failure-domains | `[]` | +| `query.grpc.server.tls.enabled` | Enable TLS encryption in the GRPC server | `false` | +| `query.grpc.server.tls.autoGenerated` | Create self-signed TLS certificates. Currently only supports PEM certificates | `false` | +| `query.grpc.server.tls.cert` | TLS Certificate for GRPC server - ignored if existingSecret is provided | `""` | +| `query.grpc.server.tls.key` | TLS Key for GRPC server - ignored if existingSecret is provided | `""` | +| `query.grpc.server.tls.ca` | TLS CA to verify clients against - ignored if existingSecret is provided | `""` | +| `query.grpc.server.tls.clientAuthEnabled` | Enable TLS client verification against provided CA | `true` | +| `query.grpc.server.tls.existingSecret` | Existing secret containing your own TLS certificates | `{}` | +| `query.grpc.client.serverName` | Server name to verify the hostname on the returned GRPC certificates | `""` | +| `query.grpc.client.tls.enabled` | Enable TLS encryption in the GRPC server | `false` | +| `query.grpc.client.tls.autoGenerated` | Create self-signed TLS certificates. Currently only supports PEM certificates | `false` | +| `query.grpc.client.tls.cert` | TLS Certificate for GRPC server - ignored if existingSecret is provided | `""` | +| `query.grpc.client.tls.key` | TLS Key for GRPC server - ignored if existingSecret is provided | `""` | +| `query.grpc.client.tls.ca` | TLS CA to verify clients against - ignored if existingSecret is provided | `""` | +| `query.grpc.client.tls.existingSecret` | Existing secret containing your own TLS certificates | `{}` | +| `query.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `query.networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `query.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `query.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `query.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `query.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `query.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | +| `query.service.type` | Kubernetes service type | `ClusterIP` | +| `query.service.ports.http` | Thanos Query service HTTP port | `9090` | +| `query.service.nodePorts.http` | Specify the Thanos Query HTTP nodePort value for the LoadBalancer and NodePort service types | `""` | +| `query.service.clusterIP` | Thanos Query service clusterIP IP | `""` | +| `query.service.loadBalancerIP` | Load balancer IP if service type is `LoadBalancer` | `""` | +| `query.service.loadBalancerSourceRanges` | Address that are allowed when service is LoadBalancer | `[]` | +| `query.service.externalTrafficPolicy` | Thanos Query service externalTrafficPolicy | `Cluster` | +| `query.service.labels` | Labels for Thanos Query service | `{}` | +| `query.service.annotations` | Annotations for Thanos Query service | `{}` | +| `query.service.extraPorts` | Extra ports to expose in the Thanos Query service | `[]` | +| `query.service.labelSelectorsOverride` | Selector for Thanos Query service | `{}` | +| `query.service.additionalHeadless` | Additional Headless service | `false` | +| `query.service.headless.annotations` | Annotations for the headless service. | `{}` | +| `query.serviceGrpc.type` | Kubernetes service type | `ClusterIP` | +| `query.serviceGrpc.ports.grpc` | Thanos Query service GRPC port | `10901` | +| `query.serviceGrpc.nodePorts.grpc` | Specify the Thanos Query GRPC nodePort value for the LoadBalancer and NodePort service types | `""` | +| `query.serviceGrpc.clusterIP` | Thanos Query service clusterIP IP | `""` | +| `query.serviceGrpc.loadBalancerIP` | Load balancer IP if service type is `LoadBalancer` | `""` | +| `query.serviceGrpc.loadBalancerSourceRanges` | Address that are allowed when service is LoadBalancer | `[]` | +| `query.serviceGrpc.externalTrafficPolicy` | Thanos Query service externalTrafficPolicy | `Cluster` | +| `query.serviceGrpc.labels` | Labels for Thanos Query service GRPC | `{}` | +| `query.serviceGrpc.annotations` | Annotations for Thanos Query service | `{}` | +| `query.serviceGrpc.extraPorts` | Extra ports to expose in the Thanos Query service | `[]` | +| `query.serviceGrpc.labelSelectorsOverride` | Selector for Thanos Query service | `{}` | +| `query.serviceGrpc.additionalHeadless` | Additional Headless service | `false` | +| `query.serviceGrpc.headless.annotations` | Annotations for the headless service. | `{}` | +| `query.automountServiceAccountToken` | Enable/disable auto mounting of the service account token only for the deployment | `true` | +| `query.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `query.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` | +| `query.serviceAccount.annotations` | Annotations for Thanos Query Service Account | `{}` | +| `query.serviceAccount.automountServiceAccountToken` | Enable/disable auto mounting of the service account token | `false` | +| `query.rbac.create` | Create a ClusterRole and ClusterRoleBinding for the Thanos Query Service Account | `false` | +| `query.rbac.rules` | Custom RBAC rules to set | `[]` | +| `query.pspEnabled` | Whether to create a PodSecurityPolicy for Thanos Query | `false` | +| `query.autoscaling.enabled` | Enable autoscaling for Thanos Query | `false` | +| `query.autoscaling.minReplicas` | Minimum number of Thanos Query replicas | `""` | +| `query.autoscaling.maxReplicas` | Maximum number of Thanos Query replicas | `""` | +| `query.autoscaling.targetCPU` | Target CPU utilization percentage | `""` | +| `query.autoscaling.targetMemory` | Target Memory utilization percentage | `""` | +| `query.pdb.create` | Enable/disable a Pod Disruption Budget creation for Thanos Query | `true` | +| `query.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `""` | +| `query.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | +| `query.ingress.enabled` | Enable ingress controller resource | `false` | +| `query.ingress.hostname` | Default host for the ingress resource | `thanos.local` | +| `query.ingress.secretName` | Custom secretName for the ingress resource | `""` | +| `query.ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | +| `query.ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` | +| `query.ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | +| `query.ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | +| `query.ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | +| `query.ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` | +| `query.ingress.tls` | Enable TLS configuration for the hostname defined at `query.ingress.hostname` parameter | `false` | +| `query.ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` | +| `query.ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | +| `query.ingress.path` | Ingress path | `/` | +| `query.ingress.pathType` | Ingress path type | `ImplementationSpecific` | +| `query.ingress.grpc.enabled` | Enable ingress controller resource (GRPC) | `false` | +| `query.ingress.grpc.hostname` | Default host for the ingress resource (GRPC) | `thanos-grpc.local` | +| `query.ingress.grpc.secretName` | Custom secretName for the ingress resource (GRPC) | `""` | +| `query.ingress.grpc.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | +| `query.ingress.grpc.annotations` | Additional annotations for the Ingress resource (GRPC). To enable certificate autogeneration, place here your cert-manager annotations. | `{}` | +| `query.ingress.grpc.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | +| `query.ingress.grpc.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | +| `query.ingress.grpc.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | +| `query.ingress.grpc.extraRules` | Additional rules to be covered with this ingress record | `[]` | +| `query.ingress.grpc.tls` | Enable TLS configuration for the hostname defined at `query.ingress.grpc.hostname` parameter | `false` | +| `query.ingress.grpc.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` | +| `query.ingress.grpc.apiVersion` | Override API Version (automatically detected if not set) | `""` | +| `query.ingress.grpc.path` | Ingress Path | `/` | +| `query.ingress.grpc.pathType` | Ingress Path type | `ImplementationSpecific` | + +### Thanos Query Frontend parameters + +| Name | Description | Value | +| ----------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | +| `queryFrontend.enabled` | Enable/disable Thanos Query Frontend component | `true` | +| `queryFrontend.logLevel` | Thanos Query Frontend log level | `info` | +| `queryFrontend.logFormat` | Thanos Query Frontend log format | `logfmt` | +| `queryFrontend.config` | Thanos Query Frontend configuration | `""` | +| `queryFrontend.existingConfigmap` | Name of existing ConfigMap with Thanos Query Frontend configuration | `""` | +| `queryFrontend.extraEnvVars` | Extra environment variables for Thanos Query Frontend container | `[]` | +| `queryFrontend.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Thanos Query Frontend nodes | `""` | +| `queryFrontend.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Thanos Query Frontend nodes | `""` | +| `queryFrontend.extraFlags` | Extra Flags to passed to Thanos Query Frontend | `[]` | +| `queryFrontend.command` | Override default container command (useful when using custom images) | `[]` | +| `queryFrontend.args` | Override default container args (useful when using custom images) | `[]` | +| `queryFrontend.replicaCount` | Number of Thanos Query Frontend replicas to deploy | `1` | +| `queryFrontend.revisionHistoryLimit` | The number of old history to retain to allow rollback | `10` | +| `queryFrontend.updateStrategy.type` | Update strategy type for Thanos Query Frontend replicas | `RollingUpdate` | +| `queryFrontend.containerPorts.http` | HTTP container port | `9090` | +| `queryFrontend.podSecurityContext.enabled` | Enable security context for the Thanos Query Frontend pods | `true` | +| `queryFrontend.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `queryFrontend.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `queryFrontend.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `queryFrontend.podSecurityContext.fsGroup` | Group ID for the filesystem used by Thanos Query Frontend pods | `1001` | +| `queryFrontend.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `queryFrontend.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `queryFrontend.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `queryFrontend.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | +| `queryFrontend.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `queryFrontend.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `queryFrontend.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | +| `queryFrontend.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `queryFrontend.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `queryFrontend.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `queryFrontend.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if queryFrontend.resources is set (queryFrontend.resources is recommended for production). | `nano` | +| `queryFrontend.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `queryFrontend.livenessProbe.enabled` | Enable livenessProbe on Thanos Query Frontend containers | `true` | +| `queryFrontend.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | +| `queryFrontend.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `queryFrontend.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `30` | +| `queryFrontend.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `queryFrontend.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `queryFrontend.readinessProbe.enabled` | Enable readinessProbe on Thanos Query Frontend containers | `true` | +| `queryFrontend.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | +| `queryFrontend.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `queryFrontend.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `30` | +| `queryFrontend.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `queryFrontend.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `queryFrontend.startupProbe.enabled` | Enable startupProbe on Thanos Query Frontend containers | `false` | +| `queryFrontend.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | +| `queryFrontend.startupProbe.periodSeconds` | Period seconds for startupProbe | `5` | +| `queryFrontend.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `queryFrontend.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `queryFrontend.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `queryFrontend.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `queryFrontend.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `queryFrontend.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `queryFrontend.initContainers` | Add additional init containers to the Thanos Query Frontend pods | `[]` | +| `queryFrontend.sidecars` | Extra containers running as sidecars to Thanos Query Frontend pods | `[]` | +| `queryFrontend.extraVolumes` | Extra volumes to add to Thanos Query Frontend | `[]` | +| `queryFrontend.extraVolumeMounts` | Extra volume mounts to add to the query-frontend container | `[]` | +| `queryFrontend.podAffinityPreset` | Thanos Query Frontend pod affinity preset | `""` | +| `queryFrontend.podAntiAffinityPreset` | Thanos Query Frontend pod anti-affinity preset. Ignored if `queryFrontend.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `queryFrontend.nodeAffinityPreset.type` | Thanos Query Frontend node affinity preset type. Ignored if `queryFrontend.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `queryFrontend.nodeAffinityPreset.key` | Thanos Query Frontend node label key to match. Ignored if `queryFrontend.affinity` is set. | `""` | +| `queryFrontend.nodeAffinityPreset.values` | Thanos Query Frontend node label values to match. Ignored if `queryFrontend.affinity` is set. | `[]` | +| `queryFrontend.affinity` | Thanos Query Frontend affinity for pod assignment | `{}` | +| `queryFrontend.nodeSelector` | Thanos Query Frontend node labels for pod assignment | `{}` | +| `queryFrontend.tolerations` | Thanos Query Frontend tolerations for pod assignment | `[]` | +| `queryFrontend.podLabels` | Thanos Query Frontend pod labels | `{}` | +| `queryFrontend.podAnnotations` | Annotations for Thanos Query Frontend pods | `{}` | +| `queryFrontend.dnsConfig` | Deployment pod DNS config | `{}` | +| `queryFrontend.dnsPolicy` | Deployment pod DNS policy | `""` | +| `queryFrontend.hostAliases` | Deployment pod host aliases | `[]` | +| `queryFrontend.lifecycleHooks` | for the Thanos Query Frontend container(s) to automate configuration before or after startup | `{}` | +| `queryFrontend.priorityClassName` | Thanos Query Frontend priorityClassName | `""` | +| `queryFrontend.schedulerName` | Name of the k8s scheduler (other than default) for Thanos Query Frontend pods | `""` | +| `queryFrontend.topologySpreadConstraints` | Topology Spread Constraints for Thanos Query Frontend pods assignment spread across your cluster among failure-domains | `[]` | +| `queryFrontend.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `queryFrontend.networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `queryFrontend.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `queryFrontend.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `queryFrontend.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `queryFrontend.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `queryFrontend.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | +| `queryFrontend.service.type` | Kubernetes service type | `ClusterIP` | +| `queryFrontend.service.ports.http` | Thanos Query Frontend service HTTP port | `9090` | +| `queryFrontend.service.nodePorts.http` | Specify the Thanos Query Frontend HTTP nodePort value for the LoadBalancer and NodePort service types | `""` | +| `queryFrontend.service.clusterIP` | Thanos Query Frontend service clusterIP IP | `""` | +| `queryFrontend.service.loadBalancerIP` | Load balancer IP if service type is `LoadBalancer` | `""` | +| `queryFrontend.service.loadBalancerSourceRanges` | Address that are allowed when service is LoadBalancer | `[]` | +| `queryFrontend.service.externalTrafficPolicy` | Thanos Query Frontend service externalTrafficPolicy | `Cluster` | +| `queryFrontend.service.annotations` | Annotations for Thanos Query Frontend service | `{}` | +| `queryFrontend.service.labels` | Labels for Thanos Query Frontend service | `{}` | +| `queryFrontend.service.extraPorts` | Extra ports to expose in the Thanos Query Frontend service | `[]` | +| `queryFrontend.service.labelSelectorsOverride` | Selector for Thanos Query service | `{}` | +| `queryFrontend.automountServiceAccountToken` | Enable/disable auto mounting of the service account token only for the deployment | `true` | +| `queryFrontend.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `queryFrontend.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` | +| `queryFrontend.serviceAccount.annotations` | Annotations for Thanos Query Frontend Service Account | `{}` | +| `queryFrontend.serviceAccount.automountServiceAccountToken` | Enable/disable auto mounting of the service account token | `false` | +| `queryFrontend.rbac.create` | Create a ClusterRole and ClusterRoleBinding for the Thanos Query Frontend Service Account | `false` | +| `queryFrontend.rbac.rules` | Custom RBAC rules to set | `[]` | +| `queryFrontend.pspEnabled` | Whether to create a PodSecurityPolicy for Thanos Query Frontend | `false` | +| `queryFrontend.autoscaling.enabled` | Enable autoscaling for Thanos Query Frontend | `false` | +| `queryFrontend.autoscaling.minReplicas` | Minimum number of Thanos Query Frontend replicas | `""` | +| `queryFrontend.autoscaling.maxReplicas` | Maximum number of Thanos Query Frontend replicas | `""` | +| `queryFrontend.autoscaling.targetCPU` | Target CPU utilization percentage | `""` | +| `queryFrontend.autoscaling.targetMemory` | Target Memory utilization percentage | `""` | +| `queryFrontend.pdb.create` | Enable/disable a Pod Disruption Budget creation for Thanos Query Frontend | `true` | +| `queryFrontend.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `""` | +| `queryFrontend.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | +| `queryFrontend.ingress.enabled` | Enable ingress controller resource | `false` | +| `queryFrontend.ingress.hostname` | Default host for the ingress resource | `thanos.local` | +| `queryFrontend.ingress.overrideAlertQueryURL` | Automatically use query-frontend's ingress hostname as --alert.queryURL for both Query and Ruler. | `true` | +| `queryFrontend.ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | +| `queryFrontend.ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` | +| `queryFrontend.ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | +| `queryFrontend.ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | +| `queryFrontend.ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | +| `queryFrontend.ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` | +| `queryFrontend.ingress.tls` | Enable TLS configuration for the hostname defined at `queryFrontend.ingress.hostname` parameter | `false` | +| `queryFrontend.ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` | +| `queryFrontend.ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | +| `queryFrontend.ingress.path` | Ingress path | `/` | +| `queryFrontend.ingress.pathType` | Ingress path type | `ImplementationSpecific` | + +### Thanos Bucket Web parameters + +| Name | Description | Value | +| ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | +| `bucketweb.enabled` | Enable/disable Thanos Bucket Web component | `false` | +| `bucketweb.logLevel` | Thanos Bucket Web log level | `info` | +| `bucketweb.logFormat` | Thanos Bucket Web log format | `logfmt` | +| `bucketweb.refresh` | Refresh interval to download metadata from remote storage | `30m` | +| `bucketweb.timeout` | Timeout to download metadata from remote storage | `5m` | +| `bucketweb.extraEnvVars` | Extra environment variables for Thanos Bucket Web container | `[]` | +| `bucketweb.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Thanos Bucket Web nodes | `""` | +| `bucketweb.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Thanos Bucket Web nodes | `""` | +| `bucketweb.extraFlags` | Extra Flags to passed to Thanos Bucket Web | `[]` | +| `bucketweb.command` | Override default container command (useful when using custom images) | `[]` | +| `bucketweb.args` | Override default container args (useful when using custom images) | `[]` | +| `bucketweb.replicaCount` | Number of Thanos Bucket Web replicas to deploy | `1` | +| `bucketweb.revisionHistoryLimit` | The number of old history to retain to allow rollback | `10` | +| `bucketweb.updateStrategy.type` | Update strategy type for Thanos Bucket Web replicas | `RollingUpdate` | +| `bucketweb.containerPorts.http` | HTTP container port | `8080` | +| `bucketweb.podSecurityContext.enabled` | Enable security context for the Thanos Bucket Web pods | `true` | +| `bucketweb.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `bucketweb.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `bucketweb.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `bucketweb.podSecurityContext.fsGroup` | Group ID for the filesystem used by Thanos Bucket Web pods | `1001` | +| `bucketweb.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `bucketweb.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `bucketweb.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `bucketweb.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | +| `bucketweb.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `bucketweb.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `bucketweb.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | +| `bucketweb.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `bucketweb.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `bucketweb.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `bucketweb.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if bucketweb.resources is set (bucketweb.resources is recommended for production). | `nano` | +| `bucketweb.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `bucketweb.livenessProbe.enabled` | Enable livenessProbe on Thanos Bucket Web containers | `true` | +| `bucketweb.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | +| `bucketweb.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `bucketweb.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `30` | +| `bucketweb.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `bucketweb.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `bucketweb.readinessProbe.enabled` | Enable readinessProbe on Thanos Bucket Web containers | `true` | +| `bucketweb.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | +| `bucketweb.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `bucketweb.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `30` | +| `bucketweb.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `bucketweb.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `bucketweb.startupProbe.enabled` | Enable startupProbe on Thanos Bucket Web containers | `false` | +| `bucketweb.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | +| `bucketweb.startupProbe.periodSeconds` | Period seconds for startupProbe | `5` | +| `bucketweb.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `bucketweb.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `bucketweb.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `bucketweb.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `bucketweb.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `bucketweb.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `bucketweb.initContainers` | Add additional init containers to the Thanos Bucket Web pods | `[]` | +| `bucketweb.sidecars` | Extra containers running as sidecars to Thanos Bucket Web pods | `[]` | +| `bucketweb.extraVolumes` | Extra volumes to add to Bucket Web | `[]` | +| `bucketweb.extraVolumeMounts` | Extra volume mounts to add to the bucketweb container | `[]` | +| `bucketweb.podAffinityPreset` | Thanos Bucket Web pod affinity preset | `""` | +| `bucketweb.podAntiAffinityPreset` | Thanos Bucket Web pod anti-affinity preset. Ignored if `bucketweb.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `bucketweb.nodeAffinityPreset.type` | Thanos Bucket Web node affinity preset type. Ignored if `bucketweb.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `bucketweb.nodeAffinityPreset.key` | Thanos Bucket Web node label key to match. Ignored if `bucketweb.affinity` is set. | `""` | +| `bucketweb.nodeAffinityPreset.values` | Thanos Bucket Web node label values to match. Ignored if `bucketweb.affinity` is set. | `[]` | +| `bucketweb.affinity` | Thanos Bucket Web affinity for pod assignment | `{}` | +| `bucketweb.nodeSelector` | Thanos Bucket Web node labels for pod assignment | `{}` | +| `bucketweb.tolerations` | Thanos Bucket Web tolerations for pod assignment | `[]` | +| `bucketweb.podLabels` | Thanos Bucket Web pod labels | `{}` | +| `bucketweb.podAnnotations` | Annotations for Thanos Bucket Web pods | `{}` | +| `bucketweb.dnsConfig` | Deployment pod DNS config | `{}` | +| `bucketweb.dnsPolicy` | Deployment pod DNS policy | `""` | +| `bucketweb.hostAliases` | Deployment pod host aliases | `[]` | +| `bucketweb.lifecycleHooks` | for the Thanos Bucket Web container(s) to automate configuration before or after startup | `{}` | +| `bucketweb.priorityClassName` | Thanos Bucket Web priorityClassName | `""` | +| `bucketweb.schedulerName` | Name of the k8s scheduler (other than default) for Thanos Bucket Web pods | `""` | +| `bucketweb.topologySpreadConstraints` | Topology Spread Constraints for Thanos Bucket Web pods assignment spread across your cluster among failure-domains | `[]` | +| `bucketweb.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `bucketweb.networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `bucketweb.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `bucketweb.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `bucketweb.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `bucketweb.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `bucketweb.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | +| `bucketweb.service.type` | Kubernetes service type | `ClusterIP` | +| `bucketweb.service.ports.http` | Thanos Bucket Web service HTTP port | `8080` | +| `bucketweb.service.nodePorts.http` | Specify the Thanos Bucket Web HTTP nodePort value for the LoadBalancer and NodePort service types | `""` | +| `bucketweb.service.clusterIP` | Thanos Bucket Web service clusterIP IP | `""` | +| `bucketweb.service.loadBalancerIP` | Load balancer IP if service type is `LoadBalancer` | `""` | +| `bucketweb.service.loadBalancerSourceRanges` | Address that are allowed when service is LoadBalancer | `[]` | +| `bucketweb.service.externalTrafficPolicy` | Thanos Bucket Web service externalTrafficPolicy | `Cluster` | +| `bucketweb.service.labels` | Extra labels for Thanos Bucket Web service | `{}` | +| `bucketweb.service.annotations` | Annotations for Thanos Bucket Web service | `{}` | +| `bucketweb.service.extraPorts` | Extra ports to expose in the Thanos Bucket Web service | `[]` | +| `bucketweb.service.labelSelectorsOverride` | Selector for Thanos Query service | `{}` | +| `bucketweb.automountServiceAccountToken` | Enable/disable auto mounting of the service account token only for the deployment | `true` | +| `bucketweb.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `bucketweb.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` | +| `bucketweb.serviceAccount.annotations` | Annotations for Thanos Bucket Web Service Account | `{}` | +| `bucketweb.serviceAccount.automountServiceAccountToken` | Enable/disable auto mounting of the service account token | `false` | +| `bucketweb.autoscaling.enabled` | Enable autoscaling for Thanos Bucket Web | `false` | +| `bucketweb.autoscaling.minReplicas` | Minimum number of Thanos Bucket Web replicas | `""` | +| `bucketweb.autoscaling.maxReplicas` | Maximum number of Thanos Bucket Web replicas | `""` | +| `bucketweb.autoscaling.targetCPU` | Target CPU utilization percentage | `""` | +| `bucketweb.autoscaling.targetMemory` | Target Memory utilization percentage | `""` | +| `bucketweb.pdb.create` | Enable/disable a Pod Disruption Budget creation for Thanos Bucket Web | `true` | +| `bucketweb.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `""` | +| `bucketweb.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | +| `bucketweb.ingress.enabled` | Enable ingress controller resource | `false` | +| `bucketweb.ingress.hostname` | Default host for the ingress resource | `thanos-bucketweb.local` | +| `bucketweb.ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | +| `bucketweb.ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` | +| `bucketweb.ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | +| `bucketweb.ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | +| `bucketweb.ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | +| `bucketweb.ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` | +| `bucketweb.ingress.tls` | Enable TLS configuration for the hostname defined at `bucketweb.ingress.hostname` parameter | `false` | +| `bucketweb.ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` | +| `bucketweb.ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | +| `bucketweb.ingress.path` | Ingress path | `/` | +| `bucketweb.ingress.pathType` | Ingress path type | `ImplementationSpecific` | + +### Thanos Compactor parameters + +| Name | Description | Value | +| ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | +| `compactor.enabled` | Enable/disable Thanos Compactor component | `false` | +| `compactor.logLevel` | Thanos Compactor log level | `info` | +| `compactor.logFormat` | Thanos Compactor log format | `logfmt` | +| `compactor.retentionResolutionRaw` | Resolution and Retention flag | `30d` | +| `compactor.retentionResolution5m` | Resolution and Retention flag | `30d` | +| `compactor.retentionResolution1h` | Resolution and Retention flag | `10y` | +| `compactor.consistencyDelay` | Minimum age of fresh (non-compacted) blocks before they are being processed | `30m` | +| `compactor.extraEnvVars` | Extra environment variables for Thanos Compactor container | `[]` | +| `compactor.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Thanos Compactor nodes | `""` | +| `compactor.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Thanos Compactor nodes | `""` | +| `compactor.extraFlags` | Extra Flags to passed to Thanos Compactor | `[]` | +| `compactor.command` | Override default container command (useful when using custom images) | `[]` | +| `compactor.args` | Override default container args (useful when using custom images) | `[]` | +| `compactor.revisionHistoryLimit` | The number of old history to retain to allow rollback | `10` | +| `compactor.cronJob.enabled` | Run compactor as a CronJob rather than a Deployment | `false` | +| `compactor.cronJob.schedule` | The schedule in Cron format, see | `0 */6 * * *` | +| `compactor.cronJob.timeZone` | The time zone name for the given schedule, see | `""` | +| `compactor.cronJob.concurrencyPolicy` | Specifies how to treat concurrent executions of a Job | `Forbid` | +| `compactor.cronJob.startingDeadlineSeconds` | Optional deadline in seconds for starting the job if it misses scheduled time for any reason | `""` | +| `compactor.cronJob.suspend` | This flag tells the controller to suspend subsequent executions | `""` | +| `compactor.cronJob.successfulJobsHistoryLimit` | The number of successful finished jobs to retain | `""` | +| `compactor.cronJob.failedJobsHistoryLimit` | The number of failed finished jobs to retain | `""` | +| `compactor.cronJob.backoffLimit` | The number of retries before marking this job failed | `""` | +| `compactor.cronJob.ttlSecondsAfterFinished` | The maximum retention before removing the job | `""` | +| `compactor.restartPolicy` | Compactor container restart policy. | `""` | +| `compactor.updateStrategy.type` | Update strategy type for Thanos Compactor replicas | `Recreate` | +| `compactor.containerPorts.http` | HTTP container port | `10902` | +| `compactor.podSecurityContext.enabled` | Enable security context for the Thanos Compactor pods | `true` | +| `compactor.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `compactor.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `compactor.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `compactor.podSecurityContext.fsGroup` | Group ID for the filesystem used by Thanos Compactor pods | `1001` | +| `compactor.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `compactor.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `compactor.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `compactor.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | +| `compactor.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `compactor.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `compactor.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | +| `compactor.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `compactor.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `compactor.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `compactor.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if compactor.resources is set (compactor.resources is recommended for production). | `nano` | +| `compactor.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `compactor.livenessProbe.enabled` | Enable livenessProbe on Thanos Compactor containers | `true` | +| `compactor.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | +| `compactor.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `compactor.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `30` | +| `compactor.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `compactor.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `compactor.readinessProbe.enabled` | Enable readinessProbe on Thanos Compactor containers | `true` | +| `compactor.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | +| `compactor.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `compactor.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `30` | +| `compactor.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `compactor.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `compactor.startupProbe.enabled` | Enable startupProbe on Thanos Compactor containers | `false` | +| `compactor.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | +| `compactor.startupProbe.periodSeconds` | Period seconds for startupProbe | `5` | +| `compactor.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `compactor.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `compactor.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `compactor.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `compactor.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `compactor.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `compactor.initContainers` | Add additional init containers to the Thanos Compactor pods | `[]` | +| `compactor.sidecars` | Extra containers running as sidecars to Thanos Compactor pods | `[]` | +| `compactor.extraVolumes` | Extra volumes to add to Thanos Compactor | `[]` | +| `compactor.extraVolumeMounts` | Extra volume mounts to add to the compactor container | `[]` | +| `compactor.podAffinityPreset` | Thanos Compactor pod affinity preset | `""` | +| `compactor.podAntiAffinityPreset` | Thanos Compactor pod anti-affinity preset. Ignored if `compactor.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `compactor.nodeAffinityPreset.type` | Thanos Compactor node affinity preset type. Ignored if `compactor.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `compactor.nodeAffinityPreset.key` | Thanos Compactor node label key to match. Ignored if `compactor.affinity` is set. | `""` | +| `compactor.nodeAffinityPreset.values` | Thanos Compactor node label values to match. Ignored if `compactor.affinity` is set. | `[]` | +| `compactor.affinity` | Thanos Compactor affinity for pod assignment | `{}` | +| `compactor.nodeSelector` | Thanos Compactor node labels for pod assignment | `{}` | +| `compactor.tolerations` | Thanos Compactor tolerations for pod assignment | `[]` | +| `compactor.podLabels` | Thanos Compactor pod labels | `{}` | +| `compactor.podAnnotations` | Annotations for Thanos Compactor pods | `{}` | +| `compactor.dnsConfig` | Deployment pod DNS config | `{}` | +| `compactor.dnsPolicy` | Deployment pod DNS policy | `""` | +| `compactor.hostAliases` | Deployment pod host aliases | `[]` | +| `compactor.lifecycleHooks` | for the Thanos Compactor container(s) to automate configuration before or after startup | `{}` | +| `compactor.priorityClassName` | Thanos Compactor priorityClassName | `""` | +| `compactor.schedulerName` | Name of the k8s scheduler (other than default) for Thanos Compactor pods | `""` | +| `compactor.topologySpreadConstraints` | Topology Spread Constraints for Thanos Compactor pods assignment spread across your cluster among failure-domains | `[]` | +| `compactor.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `compactor.networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `compactor.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `compactor.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `compactor.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `compactor.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `compactor.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | +| `compactor.service.type` | Kubernetes service type | `ClusterIP` | +| `compactor.service.ports.http` | Thanos Compactor service HTTP port | `9090` | +| `compactor.service.nodePorts.http` | Specify the Thanos Compactor HTTP nodePort value for the LoadBalancer and NodePort service types | `""` | +| `compactor.service.clusterIP` | Thanos Compactor service clusterIP IP | `""` | +| `compactor.service.loadBalancerIP` | Load balancer IP if service type is `LoadBalancer` | `""` | +| `compactor.service.loadBalancerSourceRanges` | Addresses that are allowed when service is LoadBalancer | `[]` | +| `compactor.service.externalTrafficPolicy` | Thanos Compactor service externalTrafficPolicy | `Cluster` | +| `compactor.service.labels` | Labels for Thanos Compactor service | `{}` | +| `compactor.service.annotations` | Annotations for Thanos Compactor service | `{}` | +| `compactor.service.extraPorts` | Extra ports to expose in the Thanos Compactor service | `[]` | +| `compactor.service.labelSelectorsOverride` | Selector for Thanos Query service | `{}` | +| `compactor.automountServiceAccountToken` | Enable/disable auto mounting of the service account token only for the deployment | `true` | +| `compactor.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `compactor.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` | +| `compactor.serviceAccount.annotations` | Annotations for Thanos Compactor Service Account | `{}` | +| `compactor.serviceAccount.automountServiceAccountToken` | Enable/disable auto mounting of the service account token | `false` | +| `compactor.ingress.enabled` | Enable ingress controller resource | `false` | +| `compactor.ingress.hostname` | Default host for the ingress resource | `thanos-compactor.local` | +| `compactor.ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | +| `compactor.ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` | +| `compactor.ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | +| `compactor.ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | +| `compactor.ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | +| `compactor.ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` | +| `compactor.ingress.tls` | Enable TLS configuration for the hostname defined at `compactor.ingress.hostname` parameter | `false` | +| `compactor.ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` | +| `compactor.ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | +| `compactor.ingress.path` | Ingress path | `/` | +| `compactor.ingress.pathType` | Ingress path type | `ImplementationSpecific` | +| `compactor.persistence.enabled` | Enable data persistence using PVC(s) on Thanos Compactor pods | `true` | +| `compactor.persistence.ephemeral` | Use ephemeral volume for data persistence using PVC(s) on Thanos Compactor pods | `false` | +| `compactor.persistence.defaultEmptyDir` | Defaults to emptyDir if persistence is disabled. | `true` | +| `compactor.persistence.storageClass` | Specify the `storageClass` used to provision the volume | `""` | +| `compactor.persistence.accessModes` | PVC Access Modes for data volume | `["ReadWriteOnce"]` | +| `compactor.persistence.size` | PVC Storage Request for data volume | `8Gi` | +| `compactor.persistence.labels` | Labels for the PVC | `{}` | +| `compactor.persistence.annotations` | Annotations for the PVC | `{}` | +| `compactor.persistence.existingClaim` | Name of an existing PVC to use | `""` | + +### Thanos Store Gateway parameters + +| Name | Description | Value | +| ---------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------- | +| `storegateway.enabled` | Enable/disable Thanos Store Gateway component | `false` | +| `storegateway.logLevel` | Thanos Store Gateway log level | `info` | +| `storegateway.logFormat` | Thanos Store Gateway log format | `logfmt` | +| `storegateway.useEndpointGroup` | Specify whether to use `endpoint-group` when querying the Store API of HA Store Gateway replicas | `false` | +| `storegateway.config` | Thanos Store Gateway configuration | `""` | +| `storegateway.existingConfigmap` | Name of existing ConfigMap with Thanos Store Gateway configuration | `""` | +| `storegateway.grpc.server.tls.enabled` | Enable TLS encryption in the GRPC server | `false` | +| `storegateway.grpc.server.tls.autoGenerated` | Create self-signed TLS certificates. Currently only supports PEM certificates | `false` | +| `storegateway.grpc.server.tls.cert` | TLS Certificate for GRPC server - ignored if existingSecret is provided | `""` | +| `storegateway.grpc.server.tls.key` | TLS Key for GRPC server - ignored if existingSecret is provided | `""` | +| `storegateway.grpc.server.tls.ca` | TLS CA to verify clients against - ignored if existingSecret is provided | `""` | +| `storegateway.grpc.server.tls.clientAuthEnabled` | Enable TLS client verification against provided CA | `true` | +| `storegateway.grpc.server.tls.existingSecret` | Existing secret containing your own TLS certificates | `{}` | +| `storegateway.extraEnvVars` | Extra environment variables for Thanos Store Gateway container | `[]` | +| `storegateway.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Thanos Store Gateway nodes | `""` | +| `storegateway.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Thanos Store Gateway nodes | `""` | +| `storegateway.extraFlags` | Extra Flags to passed to Thanos Store Gateway | `[]` | +| `storegateway.command` | Override default container command (useful when using custom images) | `[]` | +| `storegateway.args` | Override default container args (useful when using custom images) | `[]` | +| `storegateway.replicaCount` | Number of Thanos Store Gateway replicas to deploy | `1` | +| `storegateway.revisionHistoryLimit` | The number of old history to retain to allow rollback | `10` | +| `storegateway.updateStrategy.type` | Update strategy type for Thanos Store Gateway replicas | `RollingUpdate` | +| `storegateway.podManagementPolicy` | Statefulset Pod management policy: OrderedReady (default) or Parallel | `OrderedReady` | +| `storegateway.containerPorts.http` | HTTP container port | `10902` | +| `storegateway.containerPorts.grpc` | GRPC container port | `10901` | +| `storegateway.podSecurityContext.enabled` | Enable security context for the Thanos Store Gateway pods | `true` | +| `storegateway.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `storegateway.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `storegateway.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `storegateway.podSecurityContext.fsGroup` | Group ID for the filesystem used by Thanos Store Gateway pods | `1001` | +| `storegateway.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `storegateway.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `storegateway.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `storegateway.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | +| `storegateway.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `storegateway.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `storegateway.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | +| `storegateway.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `storegateway.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `storegateway.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `storegateway.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if storegateway.resources is set (storegateway.resources is recommended for production). | `nano` | +| `storegateway.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `storegateway.livenessProbe.enabled` | Enable livenessProbe on Thanos Store Gateway containers | `true` | +| `storegateway.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | +| `storegateway.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `storegateway.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `30` | +| `storegateway.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `storegateway.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `storegateway.readinessProbe.enabled` | Enable readinessProbe on Thanos Store Gateway containers | `true` | +| `storegateway.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | +| `storegateway.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `storegateway.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `30` | +| `storegateway.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `storegateway.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `storegateway.startupProbe.enabled` | Enable startupProbe on Thanos Store Gateway containers | `false` | +| `storegateway.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | +| `storegateway.startupProbe.periodSeconds` | Period seconds for startupProbe | `5` | +| `storegateway.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `storegateway.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `storegateway.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `storegateway.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `storegateway.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `storegateway.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `storegateway.initContainers` | Add additional init containers to the Thanos Store Gateway pods | `[]` | +| `storegateway.sidecars` | Extra containers running as sidecars to Thanos Store Gateway pods | `[]` | +| `storegateway.extraVolumes` | Extra volumes to add to Thanos Store Gateway | `[]` | +| `storegateway.extraVolumeMounts` | Extra volume mounts to add to the storegateway container | `[]` | +| `storegateway.podAffinityPreset` | Thanos Store Gateway pod affinity preset | `""` | +| `storegateway.podAntiAffinityPreset` | Thanos Store Gateway pod anti-affinity preset. Ignored if `storegateway.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `storegateway.nodeAffinityPreset.type` | Thanos Store Gateway node affinity preset type. Ignored if `storegateway.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `storegateway.nodeAffinityPreset.key` | Thanos Store Gateway node label key to match. Ignored if `storegateway.affinity` is set. | `""` | +| `storegateway.nodeAffinityPreset.values` | Thanos Store Gateway node label values to match. Ignored if `storegateway.affinity` is set. | `[]` | +| `storegateway.affinity` | Thanos Store Gateway affinity for pod assignment | `{}` | +| `storegateway.nodeSelector` | Thanos Store Gateway node labels for pod assignment | `{}` | +| `storegateway.tolerations` | Thanos Store Gateway tolerations for pod assignment | `[]` | +| `storegateway.podLabels` | Thanos Store Gateway pod labels | `{}` | +| `storegateway.podAnnotations` | Annotations for Thanos Store Gateway pods | `{}` | +| `storegateway.dnsConfig` | Deployment pod DNS config | `{}` | +| `storegateway.dnsPolicy` | Deployment pod DNS policy | `""` | +| `storegateway.hostAliases` | Deployment pod host aliases | `[]` | +| `storegateway.lifecycleHooks` | for the Thanos Store Gateway container(s) to automate configuration before or after startup | `{}` | +| `storegateway.priorityClassName` | Thanos Store Gateway priorityClassName | `""` | +| `storegateway.topologySpreadConstraints` | Topology Spread Constraints for Thanos Store Gateway pods assignment spread across your cluster among failure-domains | `[]` | +| `storegateway.schedulerName` | Name of the k8s scheduler (other than default) for Thanos Store Gateway pods | `""` | +| `storegateway.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `storegateway.networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `storegateway.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `storegateway.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `storegateway.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `storegateway.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `storegateway.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | +| `storegateway.service.type` | Kubernetes service type | `ClusterIP` | +| `storegateway.service.ports.http` | Thanos Store Gateway service HTTP port | `9090` | +| `storegateway.service.ports.grpc` | Thanos Store Gateway service GRPC port | `10901` | +| `storegateway.service.nodePorts.http` | Specify the Thanos Store Gateway HTTP nodePort value for the LoadBalancer and NodePort service types | `""` | +| `storegateway.service.nodePorts.grpc` | Specify the Thanos Store Gateway GRPC nodePort value for the LoadBalancer and NodePort service types | `""` | +| `storegateway.service.clusterIP` | Thanos Store Gateway service clusterIP IP | `""` | +| `storegateway.service.loadBalancerIP` | Load balancer IP if service type is `LoadBalancer` | `""` | +| `storegateway.service.loadBalancerSourceRanges` | Addresses that are allowed when service is LoadBalancer | `[]` | +| `storegateway.service.externalTrafficPolicy` | Thanos Store Gateway service externalTrafficPolicy | `Cluster` | +| `storegateway.service.labels` | Extra labels for Thanos Store Gateway service | `{}` | +| `storegateway.service.annotations` | Annotations for Thanos Store Gateway service | `{}` | +| `storegateway.service.extraPorts` | Extra ports to expose in the Thanos Store Gateway service | `[]` | +| `storegateway.service.labelSelectorsOverride` | Selector for Thanos Query service | `{}` | +| `storegateway.service.additionalHeadless` | Additional Headless service | `false` | +| `storegateway.service.headless.annotations` | Annotations for the headless service. | `{}` | +| `storegateway.persistence.enabled` | Enable data persistence using PVC(s) on Thanos Store Gateway pods | `true` | +| `storegateway.persistence.storageClass` | Specify the `storageClass` used to provision the volume | `""` | +| `storegateway.persistence.accessModes` | PVC Access Modes for data volume | `["ReadWriteOnce"]` | +| `storegateway.persistence.size` | PVC Storage Request for data volume | `8Gi` | +| `storegateway.persistence.labels` | Labels for the PVC | `{}` | +| `storegateway.persistence.annotations` | Annotations for the PVC | `{}` | +| `storegateway.persistence.existingClaim` | Name of an existing PVC to use | `""` | +| `storegateway.persistentVolumeClaimRetentionPolicy.enabled` | Enable Persistent volume retention policy for Thanos Store Gateway Statefulset | `false` | +| `storegateway.persistentVolumeClaimRetentionPolicy.whenScaled` | Volume retention behavior when the replica count of the StatefulSet is reduced | `Retain` | +| `storegateway.persistentVolumeClaimRetentionPolicy.whenDeleted` | Volume retention behavior that applies when the StatefulSet is deleted | `Retain` | +| `storegateway.automountServiceAccountToken` | Enable/disable auto mounting of the service account token only for the sts | `true` | +| `storegateway.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `storegateway.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` | +| `storegateway.serviceAccount.annotations` | Annotations for Thanos Store Gateway Service Account | `{}` | +| `storegateway.serviceAccount.automountServiceAccountToken` | Enable/disable auto mounting of the service account token | `false` | +| `storegateway.autoscaling.enabled` | Enable autoscaling for Thanos Store Gateway | `false` | +| `storegateway.autoscaling.minReplicas` | Minimum number of Thanos Store Gateway replicas | `""` | +| `storegateway.autoscaling.maxReplicas` | Maximum number of Thanos Store Gateway replicas | `""` | +| `storegateway.autoscaling.targetCPU` | Target CPU utilization percentage | `""` | +| `storegateway.autoscaling.targetMemory` | Target Memory utilization percentage | `""` | +| `storegateway.pdb.create` | Enable/disable a Pod Disruption Budget creation for Thanos Store Gateway | `true` | +| `storegateway.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `""` | +| `storegateway.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | +| `storegateway.ingress.enabled` | Enable ingress controller resource | `false` | +| `storegateway.ingress.hostname` | Default host for the ingress resource | `thanos-storegateway.local` | +| `storegateway.ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | +| `storegateway.ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` | +| `storegateway.ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | +| `storegateway.ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | +| `storegateway.ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | +| `storegateway.ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` | +| `storegateway.ingress.tls` | Enable TLS configuration for the hostname defined at `storegateway.ingress.hostname` parameter | `false` | +| `storegateway.ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` | +| `storegateway.ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | +| `storegateway.ingress.path` | Ingress path | `/` | +| `storegateway.ingress.pathType` | Ingress path type | `ImplementationSpecific` | +| `storegateway.ingress.grpc.enabled` | Enable ingress controller resource (GRPC) | `false` | +| `storegateway.ingress.grpc.hostname` | Default host for the ingress resource (GRPC) | `thanos-grpc.local` | +| `storegateway.ingress.grpc.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | +| `storegateway.ingress.grpc.annotations` | Additional annotations for the Ingress resource (GRPC). To enable certificate autogeneration, place here your cert-manager annotations. | `{}` | +| `storegateway.ingress.grpc.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | +| `storegateway.ingress.grpc.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | +| `storegateway.ingress.grpc.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | +| `storegateway.ingress.grpc.extraRules` | Additional rules to be covered with this ingress record | `[]` | +| `storegateway.ingress.grpc.tls` | Enable TLS configuration for the hostname defined at `storegateway.ingress.grpc.hostname` parameter | `false` | +| `storegateway.ingress.grpc.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` | +| `storegateway.ingress.grpc.apiVersion` | Override API Version (automatically detected if not set) | `""` | +| `storegateway.ingress.grpc.path` | Ingress Path | `/` | +| `storegateway.ingress.grpc.pathType` | Ingress Path type | `ImplementationSpecific` | +| `storegateway.sharded.enabled` | Enable sharding for Thanos Store Gateway | `false` | +| `storegateway.sharded.hashPartitioning.shards` | Setting hashPartitioning will create multiple store statefulsets based on the number of shards specified using the hashmod of the blocks | `""` | +| `storegateway.sharded.timePartitioning` | Setting time timePartitioning will create multiple store deployments based on the number of partitions | `[]` | +| `storegateway.sharded.service.clusterIPs` | Array of cluster IPs for each Store Gateway service. Length must be the same as the number of shards | `[]` | +| `storegateway.sharded.service.loadBalancerIPs` | Array of load balancer IPs for each Store Gateway service. Length must be the same as the number of shards | `[]` | +| `storegateway.sharded.service.http.nodePorts` | Array of http node ports used for Store Gateway service. Length must be the same as the number of shards | `[]` | +| `storegateway.sharded.service.grpc.nodePorts` | Array of grpc node ports used for Store Gateway service. Length must be the same as the number of shards | `[]` | + +### Thanos Ruler parameters + +| Name | Description | Value | +| --------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | +| `ruler.enabled` | Enable/disable Thanos Ruler component | `false` | +| `ruler.logLevel` | Thanos Ruler log level | `info` | +| `ruler.logFormat` | Thanos Ruler log format | `logfmt` | +| `ruler.replicaLabel` | Label to treat as a replica indicator along which data is de-duplicated | `replica` | +| `ruler.dnsDiscovery.enabled` | Dynamically configure Query APIs using DNS discovery | `true` | +| `ruler.queryURL` | Thanos query/query-frontend URL to link in Ruler UI. | `""` | +| `ruler.alertmanagers` | Alert managers URLs array | `[]` | +| `ruler.alertmanagersConfig` | Alert managers configuration | `""` | +| `ruler.evalInterval` | The default evaluation interval to use | `1m` | +| `ruler.clusterName` | Used to set the 'ruler_cluster' label | `""` | +| `ruler.config` | Ruler configuration | `""` | +| `ruler.existingConfigmap` | Name of existing ConfigMap with Ruler configuration | `""` | +| `ruler.extraEnvVars` | Extra environment variables for Thanos Ruler container | `[]` | +| `ruler.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Thanos Ruler nodes | `""` | +| `ruler.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Thanos Ruler nodes | `""` | +| `ruler.extraFlags` | Extra Flags to passed to Thanos Ruler | `[]` | +| `ruler.command` | Override default container command (useful when using custom images) | `[]` | +| `ruler.args` | Override default container args (useful when using custom images) | `[]` | +| `ruler.replicaCount` | Number of Thanos Ruler replicas to deploy | `1` | +| `ruler.revisionHistoryLimit` | The number of old history to retain to allow rollback | `10` | +| `ruler.updateStrategy.type` | Update strategy type for Thanos Ruler replicas | `RollingUpdate` | +| `ruler.podManagementPolicy` | Statefulset Pod Management Policy Type | `OrderedReady` | +| `ruler.containerPorts.http` | HTTP container port | `10902` | +| `ruler.containerPorts.grpc` | GRPC container port | `10901` | +| `ruler.podSecurityContext.enabled` | Enable security context for the Thanos Ruler pods | `true` | +| `ruler.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `ruler.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `ruler.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `ruler.podSecurityContext.fsGroup` | Group ID for the filesystem used by Thanos Ruler pods | `1001` | +| `ruler.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `ruler.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `ruler.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `ruler.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | +| `ruler.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `ruler.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `ruler.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | +| `ruler.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `ruler.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `ruler.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `ruler.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if ruler.resources is set (ruler.resources is recommended for production). | `nano` | +| `ruler.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `ruler.livenessProbe.enabled` | Enable livenessProbe on Thanos Ruler containers | `true` | +| `ruler.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | +| `ruler.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `ruler.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `30` | +| `ruler.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `ruler.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `ruler.readinessProbe.enabled` | Enable readinessProbe on Thanos Ruler containers | `true` | +| `ruler.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | +| `ruler.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `ruler.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `30` | +| `ruler.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `ruler.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `ruler.startupProbe.enabled` | Enable startupProbe on Thanos Ruler containers | `false` | +| `ruler.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | +| `ruler.startupProbe.periodSeconds` | Period seconds for startupProbe | `5` | +| `ruler.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `ruler.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `ruler.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `ruler.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `ruler.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `ruler.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `ruler.initContainers` | Add additional init containers to the Thanos Ruler pods | `[]` | +| `ruler.sidecars` | Extra containers running as sidecars to Thanos Ruler pods | `[]` | +| `ruler.extraVolumes` | Extra volumes to add to Thanos Ruler | `[]` | +| `ruler.extraVolumeMounts` | Extra volume mounts to add to the ruler container | `[]` | +| `ruler.podAffinityPreset` | Thanos Ruler pod affinity preset | `""` | +| `ruler.podAntiAffinityPreset` | Thanos Ruler pod anti-affinity preset. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `ruler.nodeAffinityPreset.type` | Thanos Ruler node affinity preset type. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `ruler.nodeAffinityPreset.key` | Thanos Ruler node label key to match. Ignored if `ruler.affinity` is set. | `""` | +| `ruler.nodeAffinityPreset.values` | Thanos Ruler node label values to match. Ignored if `ruler.affinity` is set. | `[]` | +| `ruler.affinity` | Thanos Ruler affinity for pod assignment | `{}` | +| `ruler.nodeSelector` | Thanos Ruler node labels for pod assignment | `{}` | +| `ruler.tolerations` | Thanos Ruler tolerations for pod assignment | `[]` | +| `ruler.podLabels` | Thanos Ruler pod labels | `{}` | +| `ruler.podAnnotations` | Annotations for Thanos Ruler pods | `{}` | +| `ruler.dnsConfig` | Deployment pod DNS config | `{}` | +| `ruler.dnsPolicy` | Deployment pod DNS policy | `""` | +| `ruler.hostAliases` | Deployment pod host aliases | `[]` | +| `ruler.lifecycleHooks` | for the Thanos Ruler container(s) to automate configuration before or after startup | `{}` | +| `ruler.priorityClassName` | Thanos Ruler priorityClassName | `""` | +| `ruler.schedulerName` | Name of the k8s scheduler (other than default) for Thanos Ruler pods | `""` | +| `ruler.topologySpreadConstraints` | Topology Spread Constraints for Thanos Ruler pods assignment spread across your cluster among failure-domains | `[]` | +| `ruler.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `ruler.networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `ruler.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `ruler.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `ruler.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `ruler.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `ruler.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | +| `ruler.service.type` | Kubernetes service type | `ClusterIP` | +| `ruler.service.ports.http` | Thanos Ruler service HTTP port | `9090` | +| `ruler.service.ports.grpc` | Thanos Ruler service GRPC port | `10901` | +| `ruler.service.nodePorts.http` | Specify the Thanos Ruler HTTP nodePort value for the LoadBalancer and NodePort service types | `""` | +| `ruler.service.nodePorts.grpc` | Specify the Thanos Ruler GRPC nodePort value for the LoadBalancer and NodePort service types | `""` | +| `ruler.service.clusterIP` | Thanos Ruler service clusterIP IP | `""` | +| `ruler.service.loadBalancerIP` | Load balancer IP if service type is `LoadBalancer` | `""` | +| `ruler.service.loadBalancerSourceRanges` | Address that are allowed when service is LoadBalancer | `[]` | +| `ruler.service.externalTrafficPolicy` | Thanos Ruler service externalTrafficPolicy | `Cluster` | +| `ruler.service.labels` | Extra labels for Thanos Ruler service | `{}` | +| `ruler.service.annotations` | Annotations for Thanos Ruler service | `{}` | +| `ruler.service.extraPorts` | Extra ports to expose in the Thanos Ruler service | `[]` | +| `ruler.service.labelSelectorsOverride` | Selector for Thanos Query service | `{}` | +| `ruler.service.additionalHeadless` | Additional Headless service | `false` | +| `ruler.service.headless.annotations` | Annotations for the headless service. | `{}` | +| `ruler.persistence.enabled` | Enable data persistence using PVC(s) on Thanos Ruler pods | `true` | +| `ruler.persistence.storageClass` | Specify the `storageClass` used to provision the volume | `""` | +| `ruler.persistence.accessModes` | PVC Access Modes for data volume | `["ReadWriteOnce"]` | +| `ruler.persistence.size` | PVC Storage Request for data volume | `8Gi` | +| `ruler.persistence.annotations` | Annotations for the PVC | `{}` | +| `ruler.persistence.existingClaim` | Name of an existing PVC to use | `""` | +| `ruler.persistentVolumeClaimRetentionPolicy.enabled` | Enable Persistent volume retention policy for Thanos Ruler Statefulset | `false` | +| `ruler.persistentVolumeClaimRetentionPolicy.whenScaled` | Volume retention behavior when the replica count of the StatefulSet is reduced | `Retain` | +| `ruler.persistentVolumeClaimRetentionPolicy.whenDeleted` | Volume retention behavior that applies when the StatefulSet is deleted | `Retain` | +| `ruler.automountServiceAccountToken` | Enable/disable auto mounting of the service account token only for the sts | `true` | +| `ruler.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `ruler.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` | +| `ruler.serviceAccount.annotations` | Annotations for Thanos Ruler Service Account | `{}` | +| `ruler.serviceAccount.automountServiceAccountToken` | Enable/disable auto mounting of the service account token | `false` | +| `ruler.autoscaling.enabled` | Enable autoscaling for Thanos Ruler | `false` | +| `ruler.autoscaling.minReplicas` | Minimum number of Thanos Ruler replicas | `""` | +| `ruler.autoscaling.maxReplicas` | Maximum number of Thanos Ruler replicas | `""` | +| `ruler.autoscaling.targetCPU` | Target CPU utilization percentage | `""` | +| `ruler.autoscaling.targetMemory` | Target Memory utilization percentage | `""` | +| `ruler.pdb.create` | Enable/disable a Pod Disruption Budget creation for Thanos Ruler | `true` | +| `ruler.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `""` | +| `ruler.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | +| `ruler.ingress.enabled` | Enable ingress controller resource | `false` | +| `ruler.ingress.hostname` | Default host for the ingress resource | `thanos-ruler.local` | +| `ruler.ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | +| `ruler.ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` | +| `ruler.ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | +| `ruler.ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | +| `ruler.ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | +| `ruler.ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` | +| `ruler.ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | +| `ruler.ingress.path` | Ingress path | `/` | +| `ruler.ingress.pathType` | Ingress path type | `ImplementationSpecific` | + +### Thanos Receive parameters + +| Name | Description | Value | +| ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | +| `receive.enabled` | Enable/disable Thanos Receive component | `false` | +| `receive.mode` | Mode to run receiver in. Valid options are "standalone" or "dual-mode" | `standalone` | +| `receive.logLevel` | Thanos Receive log level | `info` | +| `receive.logFormat` | Thanos Receive log format | `logfmt` | +| `receive.tsdbRetention` | Thanos Receive TSDB retention period | `15d` | +| `receive.replicationFactor` | Thanos Receive replication-factor | `1` | +| `receive.config` | Receive Hashring configuration | `[]` | +| `receive.tsdbPath` | Thanos Receive path to the time series database | `""` | +| `receive.existingConfigmap` | Name of existing ConfigMap with Thanos Receive Hashring configuration | `""` | +| `receive.replicaLabel` | Label to treat as a replica indicator along which data is de-duplicated | `replica` | +| `receive.grpc.server.tls.enabled` | Enable TLS encryption in the GRPC server | `false` | +| `receive.grpc.server.tls.autoGenerated` | Create self-signed TLS certificates. Currently only supports PEM certificates | `false` | +| `receive.grpc.server.tls.cert` | TLS Certificate for GRPC server - ignored if existingSecret is provided | `""` | +| `receive.grpc.server.tls.key` | TLS Key for GRPC server - ignored if existingSecret is provided | `""` | +| `receive.grpc.server.tls.ca` | TLS CA to verify clients against - ignored if existingSecret is provided | `""` | +| `receive.grpc.server.tls.clientAuthEnabled` | Enable TLS client verification against provided CA | `true` | +| `receive.grpc.server.tls.existingSecret` | Existing secret containing your own TLS certificates | `{}` | +| `receive.extraEnvVars` | Extra environment variables for Thanos Receive container | `[]` | +| `receive.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Thanos Receive nodes | `""` | +| `receive.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Thanos Receive nodes | `""` | +| `receive.extraFlags` | Extra Flags to passed to Thanos Receive | `[]` | +| `receive.command` | Override default container command (useful when using custom images) | `[]` | +| `receive.args` | Override default container args (useful when using custom images) | `[]` | +| `receive.replicaCount` | Number of Thanos Receive replicas to deploy | `1` | +| `receive.revisionHistoryLimit` | The number of old history to retain to allow rollback | `10` | +| `receive.updateStrategy.type` | Update strategy type for Thanos Receive replicas | `RollingUpdate` | +| `receive.podManagementPolicy` | | `OrderedReady` | +| `receive.podManagementPolicy` | Statefulset Pod management policy: OrderedReady (default) or Parallel | `OrderedReady` | +| `receive.minReadySeconds` | How many seconds a pod needs to be ready before killing the next, during update | `0` | +| `receive.containerPorts.http` | HTTP container port | `10902` | +| `receive.containerPorts.grpc` | GRPC container port | `10901` | +| `receive.containerPorts.remote` | remote-write container port | `19291` | +| `receive.podSecurityContext.enabled` | Enable security context for the Thanos Receive pods | `true` | +| `receive.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `receive.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `receive.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `receive.podSecurityContext.fsGroup` | Group ID for the filesystem used by Thanos Receive pods | `1001` | +| `receive.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `receive.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `receive.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `receive.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | +| `receive.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `receive.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `receive.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | +| `receive.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `receive.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `receive.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `receive.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if receive.resources is set (receive.resources is recommended for production). | `nano` | +| `receive.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `receive.livenessProbe.enabled` | Enable livenessProbe on Thanos Receive containers | `true` | +| `receive.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | +| `receive.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `receive.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `30` | +| `receive.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `receive.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `receive.readinessProbe.enabled` | Enable readinessProbe on Thanos Receive containers | `true` | +| `receive.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | +| `receive.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `receive.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `30` | +| `receive.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `receive.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `receive.startupProbe.enabled` | Enable startupProbe on Thanos Receive containers | `false` | +| `receive.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | +| `receive.startupProbe.periodSeconds` | Period seconds for startupProbe | `5` | +| `receive.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `receive.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `receive.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `receive.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `receive.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `receive.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `receive.initContainers` | Add additional init containers to the Thanos Receive pods | `[]` | +| `receive.sidecars` | Extra containers running as sidecars to Thanos Receive pods | `[]` | +| `receive.extraVolumes` | Extra volumes to add to Thanos Receive | `[]` | +| `receive.extraVolumeMounts` | Extra volume mounts to add to the receive container | `[]` | +| `receive.podAffinityPreset` | Thanos Receive pod affinity preset | `""` | +| `receive.podAntiAffinityPreset` | Thanos Receive pod anti-affinity preset. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `receive.nodeAffinityPreset.type` | Thanos Receive node affinity preset type. Ignored if `receive.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `receive.nodeAffinityPreset.key` | Thanos Receive node label key to match. Ignored if `receive.affinity` is set. | `""` | +| `receive.nodeAffinityPreset.values` | Thanos Receive node label values to match. Ignored if `receive.affinity` is set. | `[]` | +| `receive.affinity` | Thanos Receive affinity for pod assignment | `{}` | +| `receive.nodeSelector` | Thanos Receive node labels for pod assignment | `{}` | +| `receive.tolerations` | Thanos Receive tolerations for pod assignment | `[]` | +| `receive.statefulsetLabels` | Thanos Receive statefulset labels | `{}` | +| `receive.podLabels` | Thanos Receive pod labels | `{}` | +| `receive.podAnnotations` | Annotations for Thanos Receive pods | `{}` | +| `receive.dnsConfig` | Deployment pod DNS config | `{}` | +| `receive.dnsPolicy` | Deployment pod DNS policy | `""` | +| `receive.hostAliases` | Deployment pod host aliases | `[]` | +| `receive.terminationGracePeriodSeconds` | for the Thanos Receive containers(s) to extend the grace period | `""` | +| `receive.lifecycleHooks` | for the Thanos Receive container(s) to automate configuration before or after startup | `{}` | +| `receive.priorityClassName` | Thanos Receive priorityClassName | `""` | +| `receive.schedulerName` | Name of the k8s scheduler (other than default) for Thanos Receive pods | `""` | +| `receive.topologySpreadConstraints` | Topology Spread Constraints for Thanos Receive pods assignment spread across your cluster among failure-domains | `[]` | +| `receive.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `receive.networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `receive.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `receive.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `receive.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `receive.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `receive.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | +| `receive.service.type` | Kubernetes service type | `ClusterIP` | +| `receive.service.ports.http` | Thanos Ruler service HTTP port | `10902` | +| `receive.service.ports.grpc` | Thanos Ruler service GRPC port | `10901` | +| `receive.service.ports.remote` | Thanos Ruler service remote port | `19291` | +| `receive.service.nodePorts.http` | Specify the Thanos Ruler HTTP nodePort value for the LoadBalancer and NodePort service types | `""` | +| `receive.service.nodePorts.grpc` | Specify the Thanos Ruler GRPC nodePort value for the LoadBalancer and NodePort service types | `""` | +| `receive.service.nodePorts.remote` | Specify the Thanos Ruler remote nodePort value for the LoadBalancer and NodePort service types | `""` | +| `receive.service.clusterIP` | Thanos Ruler service clusterIP IP | `""` | +| `receive.service.loadBalancerIP` | Load balancer IP if service type is `LoadBalancer` | `""` | +| `receive.service.loadBalancerSourceRanges` | Addresses that are allowed when service is LoadBalancer | `[]` | +| `receive.service.externalTrafficPolicy` | Thanos Ruler service externalTrafficPolicy | `Cluster` | +| `receive.service.labels` | Extra labels for Thanos Receive service | `{}` | +| `receive.service.annotations` | Annotations for Thanos Receive service | `{}` | +| `receive.service.extraPorts` | Extra ports to expose in the Thanos Receive service | `[]` | +| `receive.service.labelSelectorsOverride` | Selector for Thanos receive service | `{}` | +| `receive.service.additionalHeadless` | Additional Headless service | `false` | +| `receive.service.headless.annotations` | Annotations for the headless service. | `{}` | +| `receive.automountServiceAccountToken` | Enable/disable auto mounting of the service account token only for the sts | `true` | +| `receive.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `receive.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` | +| `receive.serviceAccount.annotations` | Annotations for Thanos Receive Service Account | `{}` | +| `receive.serviceAccount.automountServiceAccountToken` | Enable/disable auto mounting of the service account token | `false` | +| `receive.autoscaling.enabled` | Enable autoscaling for Thanos Receive | `false` | +| `receive.autoscaling.minReplicas` | Minimum number of Thanos Receive replicas | `""` | +| `receive.autoscaling.maxReplicas` | Maximum number of Thanos Receive replicas | `""` | +| `receive.autoscaling.targetCPU` | Target CPU utilization percentage | `""` | +| `receive.autoscaling.targetMemory` | Target Memory utilization percentage | `""` | +| `receive.pdb.create` | Enable/disable a Pod Disruption Budget creation for Thanos Receive | `true` | +| `receive.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `""` | +| `receive.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | +| `receive.persistence.enabled` | Enable data persistence using PVC(s) on Thanos Receive pods | `true` | +| `receive.persistence.storageClass` | Specify the `storageClass` used to provision the volume | `""` | +| `receive.persistence.accessModes` | PVC Access Modes for data volume | `["ReadWriteOnce"]` | +| `receive.persistence.size` | PVC Storage Request for data volume | `8Gi` | +| `receive.persistence.labels` | Labels for the PVC | `{}` | +| `receive.persistence.annotations` | Annotations for the PVC | `{}` | +| `receive.persistence.existingClaim` | Name of an existing PVC to use | `""` | +| `receive.persistentVolumeClaimRetentionPolicy.enabled` | Enable Persistent volume retention policy for Thanos Receive Statefulset | `false` | +| `receive.persistentVolumeClaimRetentionPolicy.whenScaled` | Volume retention behavior when the replica count of the StatefulSet is reduced | `Retain` | +| `receive.persistentVolumeClaimRetentionPolicy.whenDeleted` | Volume retention behavior that applies when the StatefulSet is deleted | `Retain` | +| `receive.ingress.enabled` | Set to true to enable ingress record generation | `false` | +| `receive.ingress.hostname` | When the ingress is enabled, a host pointing to this will be created | `thanos-receive.local` | +| `receive.ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | +| `receive.ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` | +| `receive.ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | +| `receive.ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | +| `receive.ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | +| `receive.ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` | +| `receive.ingress.tls` | Enable TLS configuration for the hostname defined at `receive.ingress.hostname` parameter | `false` | +| `receive.ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` | +| `receive.ingress.apiVersion` | Override API Version (automatically detected if not set) | `""` | +| `receive.ingress.path` | Ingress Path | `/` | +| `receive.ingress.pathType` | Ingress Path type | `ImplementationSpecific` | + +### Thanos Receive Distributor parameters + +| Name | Description | Value | +| ---------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | +| `receiveDistributor.enabled` | Enable/disable Thanos Receive Distributor component | `false` | +| `receiveDistributor.logLevel` | Thanos Receive Distributor log level | `info` | +| `receiveDistributor.logFormat` | Thanos Receive Distributor log format | `logfmt` | +| `receiveDistributor.replicaLabel` | Label to treat as a replica indicator along which data is de-duplicated | `replica` | +| `receiveDistributor.replicationFactor` | Thanos Receive Distributor replication-factor | `1` | +| `receiveDistributor.extraEnvVars` | Extra environment variables for Thanos Receive Distributor container | `[]` | +| `receiveDistributor.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Thanos Receive Distributor nodes | `""` | +| `receiveDistributor.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Thanos Receive Distributor nodes | `""` | +| `receiveDistributor.extraFlags` | Extra Flags to passed to Thanos Receive Distributor | `[]` | +| `receiveDistributor.command` | Override default container command (useful when using custom images) | `[]` | +| `receiveDistributor.args` | Override default container args (useful when using custom images) | `[]` | +| `receiveDistributor.replicaCount` | Number of Thanos Receive Distributor replicas to deploy | `1` | +| `receiveDistributor.revisionHistoryLimit` | The number of old history to retain to allow rollback | `10` | +| `receiveDistributor.updateStrategy.type` | Update strategy type for Thanos Receive Distributor replicas | `RollingUpdate` | +| `receiveDistributor.podSecurityContext.enabled` | Enable security context for the Thanos Receive Distributor pods | `true` | +| `receiveDistributor.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `receiveDistributor.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `receiveDistributor.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `receiveDistributor.podSecurityContext.fsGroup` | Group ID for the filesystem used by Thanos Receive Distributor pods | `1001` | +| `receiveDistributor.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `receiveDistributor.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` | +| `receiveDistributor.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `receiveDistributor.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` | +| `receiveDistributor.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `receiveDistributor.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `receiveDistributor.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` | +| `receiveDistributor.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `receiveDistributor.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `receiveDistributor.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `receiveDistributor.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if receiveDistributor.resources is set (receiveDistributor.resources is recommended for production). | `nano` | +| `receiveDistributor.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `receiveDistributor.livenessProbe.enabled` | Enable livenessProbe on Thanos Receive Distributor containers | `true` | +| `receiveDistributor.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | +| `receiveDistributor.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `receiveDistributor.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `30` | +| `receiveDistributor.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `receiveDistributor.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `receiveDistributor.readinessProbe.enabled` | Enable readinessProbe on Thanos Receive Distributor containers | `true` | +| `receiveDistributor.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | +| `receiveDistributor.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `receiveDistributor.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `30` | +| `receiveDistributor.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `receiveDistributor.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `receiveDistributor.startupProbe.enabled` | Enable startupProbe on Thanos Receive Distributor containers | `false` | +| `receiveDistributor.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | +| `receiveDistributor.startupProbe.periodSeconds` | Period seconds for startupProbe | `5` | +| `receiveDistributor.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `receiveDistributor.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `receiveDistributor.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `receiveDistributor.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `receiveDistributor.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `receiveDistributor.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `receiveDistributor.initContainers` | Add additional init containers to the Thanos Receive Distributor pods | `[]` | +| `receiveDistributor.sidecars` | Extra containers running as sidecars to Thanos Receive Distributor pods | `[]` | +| `receiveDistributor.extraVolumes` | Extra volumes to add to Thanos Receive Distributor | `[]` | +| `receiveDistributor.extraVolumeMounts` | Extra volume mounts to add to the receive distributor container | `[]` | +| `receiveDistributor.podAffinityPreset` | Thanos Receive pod affinity preset | `""` | +| `receiveDistributor.podAntiAffinityPreset` | Thanos Receive pod anti-affinity preset. Ignored if `receiveDistributor.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `receiveDistributor.nodeAffinityPreset.type` | Thanos Receive node affinity preset type. Ignored if `receiveDistributor.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `receiveDistributor.nodeAffinityPreset.key` | Thanos Receive node label key to match. Ignored if `receiveDistributor.affinity` is set. | `""` | +| `receiveDistributor.nodeAffinityPreset.values` | Thanos Receive node label values to match. Ignored if `receiveDistributor.affinity` is set. | `[]` | +| `receiveDistributor.affinity` | Thanos Receive Distributor affinity for pod assignment | `{}` | +| `receiveDistributor.nodeSelector` | Thanos Receive Distributor node labels for pod assignment | `{}` | +| `receiveDistributor.tolerations` | Thanos Receive Distributor tolerations for pod assignment | `[]` | +| `receiveDistributor.podLabels` | Thanos Receive Distributor pod labels | `{}` | +| `receiveDistributor.podAnnotations` | Annotations for Thanos Receive Distributor pods | `{}` | +| `receiveDistributor.dnsConfig` | Deployment pod DNS config | `{}` | +| `receiveDistributor.dnsPolicy` | Deployment pod DNS policy | `""` | +| `receiveDistributor.hostAliases` | Deployment pod host aliases | `[]` | +| `receiveDistributor.lifecycleHooks` | for the Thanos Receive Distributor container(s) to automate configuration before or after startup | `{}` | +| `receiveDistributor.priorityClassName` | Thanos Receive Distributor priorityClassName | `""` | +| `receiveDistributor.schedulerName` | Name of the k8s scheduler (other than default) for Thanos Receive Distributor pods | `""` | +| `receiveDistributor.topologySpreadConstraints` | Topology Spread Constraints for Thanos Receive Distributor pods assignment spread across your cluster among failure-domains | `[]` | +| `receiveDistributor.automountServiceAccountToken` | Enable/disable auto mounting of the service account token only for the deployment | `true` | +| `receiveDistributor.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `receiveDistributor.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` | +| `receiveDistributor.serviceAccount.annotations` | Annotations for Thanos Receive Distributor Service Account | `{}` | +| `receiveDistributor.serviceAccount.automountServiceAccountToken` | Enable/disable auto mounting of the service account token | `false` | +| `receiveDistributor.autoscaling.enabled` | Enable autoscaling for Thanos Receive Distributor | `false` | +| `receiveDistributor.autoscaling.minReplicas` | Minimum number of Thanos Receive Distributor replicas | `""` | +| `receiveDistributor.autoscaling.maxReplicas` | Maximum number of Thanos Receive Distributor replicas | `""` | +| `receiveDistributor.autoscaling.targetCPU` | Target CPU utilization percentage | `""` | +| `receiveDistributor.autoscaling.targetMemory` | Target Memory utilization percentage | `""` | +| `receiveDistributor.pdb.create` | Enable/disable a Pod Disruption Budget creation for Thanos Receive Distributor | `true` | +| `receiveDistributor.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `""` | +| `receiveDistributor.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | + +### Metrics parameters + +| Name | Description | Value | +| --------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------- | +| `metrics.enabled` | Enable the export of Prometheus metrics | `false` | +| `metrics.serviceMonitor.enabled` | Specify if a ServiceMonitor will be deployed for Prometheus Operator | `false` | +| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` | +| `metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` | +| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in Prometheus | `""` | +| `metrics.serviceMonitor.interval` | How frequently to scrape metrics | `""` | +| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | +| `metrics.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics | `[]` | +| `metrics.serviceMonitor.relabelings` | Specify general relabeling | `[]` | +| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | +| `metrics.serviceMonitor.extraParameters` | Any extra parameter to be added to the endpoint configured in the ServiceMonitor | `{}` | +| `metrics.prometheusRule.enabled` | If `true`, creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true`) | `false` | +| `metrics.prometheusRule.default.absent_rules` | Enable absent_rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`) | | +| `metrics.prometheusRule.default.compaction` | Enable compaction rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`) | | +| `metrics.prometheusRule.default.query` | Enable query when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`) | | +| `metrics.prometheusRule.default.receive` | Enable receive rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`) | | +| `metrics.prometheusRule.default.replicate` | Enable replicate rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`) | | +| `metrics.prometheusRule.default.ruler` | Enable ruler rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`) | | +| `metrics.prometheusRule.default.sidecar` | Enable sidecar rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`) | | +| `metrics.prometheusRule.default.sidecarJobRegex` | Allows the customization of the thanos-sidecar job name to use in the sidecar prometheus alerts | `.*thanos-sidecar.*` | +| `metrics.prometheusRule.default.store_gateway` | Enable store_gateway rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`) | | +| `metrics.prometheusRule.default.create` | would create all default prometheus alerts | `false` | +| `metrics.prometheusRule.default.disabled.ThanosCompactIsDown` | Disable ThanosCompactIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true | | +| `metrics.prometheusRule.default.disabled.ThanosQueryIsDown` | Disable ThanosQueryIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true | | +| `metrics.prometheusRule.default.disabled.ThanosReceiveIsDown` | Disable ThanosReceiveIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true | | +| `metrics.prometheusRule.default.disabled.ThanosRuleIsDown` | Disable ThanosRuleIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true | | +| `metrics.prometheusRule.default.disabled.ThanosSidecarIsDown` | Disable ThanosSidecarIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true | | +| `metrics.prometheusRule.default.disabled.ThanosStoreIsDown` | Disable ThanosStoreIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true | | +| `metrics.prometheusRule.default.disabled.ThanosCompactMultipleRunning` | Disable ThanosCompactMultipleRunning rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.compaction is true | | +| `metrics.prometheusRule.default.disabled.ThanosCompactHalted` | Disable ThanosCompactMultipleRunning rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.compaction is true | | +| `metrics.prometheusRule.default.disabled.ThanosCompactHighCompactionFailures` | Disable ThanosCompactMultipleRunning rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.compaction is true | | +| `metrics.prometheusRule.default.disabled.ThanosCompactBucketHighOperationFailures` | Disable ThanosCompactMultipleRunning rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.compaction is true | | +| `metrics.prometheusRule.default.disabled.ThanosCompactHasNotRun` | Disable ThanosCompactMultipleRunning rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.compaction is true | | +| `metrics.prometheusRule.default.disabled.ThanosQueryHttpRequestQueryErrorRateHigh` | Disable ThanosQueryHttpRequestQueryErrorRateHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true | | +| `metrics.prometheusRule.default.disabled.ThanosQueryHttpRequestQueryRangeErrorRateHigh` | Disable ThanosQueryHttpRequestQueryRangeErrorRateHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true | | +| `metrics.prometheusRule.default.disabled.ThanosQueryGrpcServerErrorRate` | Disable ThanosQueryGrpcServerErrorRate rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true | | +| `metrics.prometheusRule.default.disabled.ThanosQueryGrpcClientErrorRate` | Disable ThanosQueryGrpcClientErrorRate rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true | | +| `metrics.prometheusRule.default.disabled.ThanosQueryHighDNSFailures` | Disable ThanosQueryHighDNSFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true | | +| `metrics.prometheusRule.default.disabled.ThanosQueryInstantLatencyHigh` | Disable ThanosQueryInstantLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true | | +| `metrics.prometheusRule.default.disabled.ThanosQueryRangeLatencyHigh` | Disable ThanosQueryRangeLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true | | +| `metrics.prometheusRule.default.disabled.ThanosQueryOverload` | Disable ThanosQueryOverload rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true | | +| `metrics.prometheusRule.default.disabled.ThanosReceiveHttpRequestErrorRateHigh` | Disable ThanosReceiveHttpRequestErrorRateHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true | | +| `metrics.prometheusRule.default.disabled.ThanosReceiveHttpRequestLatencyHigh` | Disable ThanosReceiveHttpRequestLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true | | +| `metrics.prometheusRule.default.disabled.ThanosReceiveHighReplicationFailures` | Disable ThanosReceiveHighReplicationFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true | | +| `metrics.prometheusRule.default.disabled.ThanosReceiveHighForwardRequestFailures` | Disable ThanosReceiveHighForwardRequestFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true | | +| `metrics.prometheusRule.default.disabled.ThanosReceiveHighHashringFileRefreshFailures` | Disable ThanosReceiveHighHashringFileRefreshFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true | | +| `metrics.prometheusRule.default.disabled.ThanosReceiveConfigReloadFailure` | Disable ThanosReceiveConfigReloadFailure rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true | | +| `metrics.prometheusRule.default.disabled.ThanosReceiveNoUpload` | Disable ThanosReceiveNoUpload rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true | | +| `metrics.prometheusRule.default.disabled.ThanosReceiveTrafficBelowThreshold` | Disable ThanosReceiveTrafficBelowThreshold rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true | | +| `metrics.prometheusRule.default.disabled.ThanosBucketReplicateErrorRate` | Disable ThanosBucketReplicateErrorRate rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true | | +| `metrics.prometheusRule.default.disabled.ThanosBucketReplicateRunLatency` | Disable ThanosBucketReplicateRunLatency rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true | | +| `metrics.prometheusRule.default.disabled.ThanosRuleQueueIsDroppingAlerts` | Disable ThanosRuleQueueIsDroppingAlerts rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true | | +| `metrics.prometheusRule.default.disabled.ThanosRuleSenderIsFailingAlerts` | Disable ThanosRuleSenderIsFailingAlerts rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true | | +| `metrics.prometheusRule.default.disabled.ThanosRuleHighRuleEvaluationFailures` | Disable ThanosRuleHighRuleEvaluationFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true | | +| `metrics.prometheusRule.default.disabled.ThanosRuleHighRuleEvaluationWarnings` | Disable ThanosRuleHighRuleEvaluationWarnings rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true | | +| `metrics.prometheusRule.default.disabled.ThanosRuleRuleEvaluationLatencyHigh` | Disable ThanosRuleRuleEvaluationLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true | | +| `metrics.prometheusRule.default.disabled.ThanosRuleGrpcErrorRate` | Disable ThanosRuleGrpcErrorRate rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true | | +| `metrics.prometheusRule.default.disabled.ThanosRuleConfigReloadFailure` | Disable ThanosRuleConfigReloadFailure rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true | | +| `metrics.prometheusRule.default.disabled.ThanosRuleQueryHighDNSFailures` | Disable ThanosRuleQueryHighDNSFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true | | +| `metrics.prometheusRule.default.disabled.ThanosRuleAlertmanagerHighDNSFailures` | Disable ThanosRuleAlertmanagerHighDNSFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true | | +| `metrics.prometheusRule.default.disabled.ThanosRuleNoEvaluationFor10Intervals` | Disable ThanosRuleNoEvaluationFor10Intervals rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true | | +| `metrics.prometheusRule.default.disabled.ThanosNoRuleEvaluations` | Disable ThanosNoRuleEvaluations rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true | | +| `metrics.prometheusRule.default.disabled.ThanosSidecarBucketOperationsFailed` | Disable ThanosSidecarBucketOperationsFailed rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.sidecar is true | | +| `metrics.prometheusRule.default.disabled.ThanosSidecarNoConnectionToStartedPrometheus` | Disable ThanosSidecarNoConnectionToStartedPrometheus rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.sidecar is true | | +| `metrics.prometheusRule.default.disabled.ThanosStoreGrpcErrorRate` | Disable ThanosSidecarNoConnectionToStartedPrometheus rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.store_gateway is true | | +| `metrics.prometheusRule.default.disabled.ThanosStoreSeriesGateLatencyHigh` | Disable ThanosStoreSeriesGateLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.store_gateway is true | | +| `metrics.prometheusRule.default.disabled.ThanosStoreBucketHighOperationFailures` | Disable ThanosStoreBucketHighOperationFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.store_gateway is true | | +| `metrics.prometheusRule.default.disabled.ThanosStoreObjstoreOperationLatencyHigh` | Disable ThanosStoreObjstoreOperationLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.store_gateway is true | | +| `metrics.prometheusRule.default.disabled` | disable one specific prometheus alert rule | `{}` | +| `metrics.prometheusRule.runbookUrl` | Prefix for runbook URLs. Use this to override the first part of the runbookURLs that is common to all rules | `https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-` | +| `metrics.prometheusRule.namespace` | Namespace in which the PrometheusRule CRD is created | `""` | +| `metrics.prometheusRule.additionalLabels` | Additional labels for the prometheusRule | `{}` | +| `metrics.prometheusRule.groups` | Prometheus Rule Groups for Thanos components | `[]` | + +### Volume Permissions parameters + +| Name | Description | Value | +| ------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | +| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` | +| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` | +| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | +| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | + +### MinIO® chart parameters + +| Name | Description | Value | +| ------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | +| `minio` | For full list of MinIO® values configurations please refere [here](https://github.com/bitnami/charts/tree/main/bitnami/minio) | | +| `minio.enabled` | Enable/disable MinIO® chart installation | `false` | +| `minio.auth.rootUser` | MinIO® root username | `admin` | +| `minio.auth.rootPassword` | Password for MinIO® root user | `""` | +| `minio.defaultBuckets` | Comma, semi-colon or space separated list of MinIO® buckets to create | `thanos` | +| `minio.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `micro` | +| `minio.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +helm install my-release --set query.replicaCount=2 oci://REGISTRY_NAME/REPOSITORY_NAME/thanos +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. + +The above command install Thanos chart with 2 Thanos Query replicas. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```console +helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/thanos +``` + +> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`. +> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/tree/main/bitnami/thanos/values.yaml) + +## Troubleshooting + +Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). + +## Upgrading + +### To 15.0.0 + +This major bump changes the following security defaults: + +- `resourcesPreset` is changed from `none` to the minimum size working in our test suites (NOTE: `resourcesPreset` is not meant for production usage, but `resources` adapted to your use case). +- `global.compatibility.openshift.adaptSecurityContext` is changed from `disabled` to `auto`. + +This could potentially break any customization or init scripts used in your deployment. If this is the case, change the default values to the previous ones. + +### To 14.0.0 + +This major release bumps the MinIO chart version to [13.x.x](https://github.com/bitnami/charts/pull/22058/); no major issues are expected during the upgrade. + +### To 13.0.0 + +This major version changes the NetworkPolicy objects and creates one per Thanos component. The `networkPolicy` common value was removed in favor of `COMPONENT.networkPolicy`. Also, NetworkPolicy objects are deployed by default. This can be changed by setting `COMPONENT.networkPolicy.enabled=false` being `COMPONENT` one of the Thanos components. + +This version also removes deprecated service port values like `receive.service.http.port` in favor of `recieve.service.ports.http`, as well as `existingServiceAccount`. + +### To 12.0.0 + +This major updates the MinIO® subchart to its newest major, 12.0.0. This subchart's major doesn't include any changes affecting its use as a subchart for Thanos, so no major issues are expected during the upgrade. + +### To 10.0.0 + +This version deprecates the usage of `MINIO_ACCESS_KEY` and `MINIO_SECRET_KEY` environment variables in MINIO® container in favor of `MINIO_ROOT_USER` and `MINIO_ROOT_PASSWORD`. + +If you were already using the new variables, no issues are expected during upgrade. + +### To 9.0.0 + +This major updates the MinIO® subchart to its newest major, 10.0.0. This subchart's major doesn't include any changes affecting its use as a subchart for Thanos, only needing the standard upgrade process from chart's version `8.X`. + +### To 8.0.0 + +The chart was changed to adapt to the common Bitnami chart standards. Now it includes common elements such as sidecar and init container support, custom commands, custom liveness/readiness probes, extra environment variables support, extra pod annotations and labels, among others. In addition, other remarkable changes were to harmonize the values structure: + +- The `receive.distributor.*` parameters have been renamed to `receiveDistributor.*`, and the associated manifests have been moved into its own folder. This way, Thanos Receive Distributor is treated as any other component. +- The parameter to configure TLS in the GRPC server have been restructured so they follow the `XXX.grpc.server.tls` and `XXX.grpc.client.tls` format. Previous to this change, we had different structures depending on the component. + +### To 7.0.0 + +This major updates the MinIO® subchart to its newest major, 9.0.0, which updates authentication parameters. Check [MinIO® Upgrading Notes](https://github.com/bitnami/charts/tree/main/bitnami/minio#to-900) for more information. +This major release renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Bitnami charts repositor. Some of the affected values are: + +- `XXX.extraEnv` parameters were renamed to `XXX.extraEnvVars`. +- `XXX.extraContainers` parameters were renamed to `XXX.sidecars`. +- `XXX.service.PROTOCOL.port` parameters were renamed to `XXX.service.ports.PROTOCOL` (e.g. `query.service.http.port` is now `query.service.ports.http`). +- `XXX.service.PROTOCOL.nodePort`parameters were renamed to `XXX.service.nodePorts.PROTOCOL` (e.g. `query.service.http.nodePort` is now `query.service.nodePorts.http`). +- `XXX.ingress.certManager` parameters were deprecated, use `XXX.ingress.annotations` to set the required annotations for CertManager instead. + +### To 6.0.0 + +This major updates the MinIO® subchart to its newest major, 8.0.0, which now has two separated services for MinIO® Console and MinIO® API. Check [MinIO® Upgrading Notes](https://github.com/bitnami/charts/tree/main/bitnami/minio#to-800) for more information. + +### To 5.4.0 + +This version introduces support for the receiver dual-mode implementation for Thanos [v0.22+](https://github.com/thanos-io/thanos/releases/tag/v0.22.0) + +### To 5.3.0 + +This version introduces hash and time partitioning for the store gateway. + +### To 5.0.0 + +This major update changes the `securityContext` interface in the `values.yaml` file. + +Please note if you have changes in the `securityContext` fields those need to be migrated to `podSecurityContext`. + +```diff +# ... +- securityContext: ++ podSecurityContext: +# ... +``` + +Other than that a new `securityContext` interface for containers got introduced `containerSecurityContext`. It's default is enabled so if you do not need it you need to opt out of it. + +```diff +# ... ++ containerSecurityContext ++ enabled: true # opt out by enabled: false ++ capabilities: ++ drop: ++ - ALL ++ runAsNonRoot: true ++ allowPrivilegeEscalation: false ++ readOnlyRootFilesystem: false +# ... +``` + +### To 4.0.0 + +This major updates the MinIO subchart to its newest major, 7.0.0, which removes previous configuration of `securityContext` and moves to `podSecurityContext` and `containerSecurityContext`. + +### To 3.3.0 + +This version introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/main/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. + +### To 3.1.0 + +The querier component and its settings have been renamed to query. Configuration of the query component by using keys under `querier` in your `values.yaml` will continue to work. Support for keys under `querier` will be dropped in a future release. + +```text +querier.enabled -> query.enabled +querier.logLevel -> query.logLevel +querier.replicaLabel -> query.replicaLabel +querier.dnsDiscovery.enabled -> query.dnsDiscovery.enabled +querier.dnsDiscovery.sidecarsService -> query.dnsDiscovery.sidecarsService +querier.dnsDiscovery.sidecarsNamespace -> query.dnsDiscovery.sidecarsNamespace +querier.stores -> query.stores +querier.sdConfig -> query.sdConfig +querier.existingSDConfigmap -> query.existingSDConfigmap +querier.extraFlags -> query.extraFlags +querier.replicaCount -> query.replicaCount +querier.strategyType -> query.strategyType +querier.affinity -> query.affinity +querier.nodeSelector -> query.nodeSelector +querier.tolerations -> query.tolerations +querier.podLabels -> query.podLabels +querier.priorityClassName -> query.priorityClassName +querier.securityContext.enabled -> query.securityContext.enabled +querier.securityContext.fsGroup -> query.securityContext.fsGroup +querier.securityContext.runAsUser -> query.securityContext.runAsUser +querier.resources.limits -> query.resources.limits +querier.resources.requests -> query.resources.requests +querier.podAnnotations -> query.podAnnotations +querier.livenessProbe -> query.livenessProbe +querier.readinessProbe -> query.readinessProbe +querier.grpcTLS.server.secure -> query.grpcTLS.server.secure +querier.grpcTLS.server.cert -> query.grpcTLS.server.cert +querier.grpcTLS.server.key -> query.grpcTLS.server.key +querier.grpcTLS.server.ca -> query.grpcTLS.server.ca +querier.grpcTLS.client.secure -> query.grpcTLS.client.secure +querier.grpcTLS.client.cert -> query.grpcTLS.client.cert +querier.grpcTLS.client.key -> query.grpcTLS.client.key +querier.grpcTLS.client.ca -> query.grpcTLS.client.ca +querier.grpcTLS.client.servername -> query.grpcTLS.client.servername +querier.service.type -> query.service.type +querier.service.clusterIP -> query.service.clusterIP +querier.service.http.port -> query.service.http.port +querier.service.http.nodePort -> query.service.http.nodePort +querier.service.grpc.port -> query.service.grpc.port +querier.service.grpc.nodePort -> query.service.grpc.nodePort +querier.service.loadBalancerIP -> query.service.loadBalancerIP +querier.service.loadBalancerSourceRanges -> query.service.loadBalancerSourceRanges +querier.service.annotations -> query.service.annotations +querier.service.labelSelectorsOverride -> query.service.labelSelectorsOverride +querier.serviceAccount.annotations -> query.serviceAccount.annotations +querier.rbac.create -> query.rbac.create +querier.pspEnabled -> query.pspEnabled +querier.autoscaling.enabled -> query.autoscaling.enabled +querier.autoscaling.minReplicas -> query.autoscaling.minReplicas +querier.autoscaling.maxReplicas -> query.autoscaling.maxReplicas +querier.autoscaling.targetCPU -> query.autoscaling.targetCPU +querier.autoscaling.targetMemory -> query.autoscaling.targetMemory +querier.pdb.create -> query.pdb.create +querier.pdb.minAvailable -> query.pdb.minAvailable +querier.pdb.maxUnavailable -> query.pdb.maxUnavailable +querier.ingress.enabled -> query.ingress.enabled +querier.ingress.certManager -> query.ingress.certManager +querier.ingress.hostname -> query.ingress.hostname +querier.ingress.annotations -> query.ingress.annotations +querier.ingress.tls -> query.ingress.tls +querier.ingress.extraHosts[0].name -> query.ingress.extraHosts[0].name +querier.ingress.extraHosts[0].path -> query.ingress.extraHosts[0].path +querier.ingress.extraTls[0].hosts[0] -> query.ingress.extraTls[0].hosts[0] +querier.ingress.extraTls[0].secretName -> query.ingress.extraTls[0].secretName +querier.ingress.secrets[0].name -> query.ingress.secrets[0].name +querier.ingress.secrets[0].certificate -> query.ingress.secrets[0].certificate +querier.ingress.secrets[0].key -> query.ingress.secrets[0].key +querier.ingress.grpc.enabled -> query.ingress.grpc.enabled +querier.ingress.grpc.certManager -> query.ingress.grpc.certManager +querier.ingress.grpc.hostname -> query.ingress.grpc.hostname +querier.ingress.grpc.annotations -> query.ingress.grpc.annotations +querier.ingress.grpc.extraHosts[0].name -> query.ingress.grpc.extraHosts[0].name +querier.ingress.grpc.extraHosts[0].path -> query.ingress.grpc.extraHosts[0].path +querier.ingress.grpc.extraTls[0].hosts[0] -> query.ingress.grpc.extraTls[0].hosts[0] +querier.ingress.grpc.extraTls[0].secretName -> query.ingress.grpc.extraTls[0].secretName +querier.ingress.grpc.secrets[0].name -> query.ingress.grpc.secrets[0].name +querier.ingress.grpc.secrets[0].certificate -> query.ingress.grpc.secrets[0].certificate +querier.ingress.grpc.secrets[0].key -> query.ingress.grpc.secrets[0].key +``` + +### To 3.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +### To 2.4.0 + +The Ingress API object name for Querier changes from `{{ include "common.names.fullname" . }}` to `{{ include "common.names.fullname" . }}-querier`. + +> **NOTE**: Which in most cases (depending on any set values in `fullnameOverride` or `nameOverride`) resolves to the used Helm release name (`.Release.Name`). + +### To 2.0.0 + +The format of the chart's `extraFlags` option has been updated to be an array (instead of an object), to support passing multiple flags with the same name to Thanos. + +Now you need to specify the flags in the following way in your values file (where component is one of `querier/bucketweb/compactor/storegateway/ruler`): + +```yaml +component: + ... + extraFlags + - --sync-block-duration=3m + - --chunk-pool-size=2GB +``` + +To specify the values via CLI:: + +```console +--set 'component.extraFlags[0]=--sync-block-duration=3m' --set 'ruler.extraFlags[1]=--chunk-pool-size=2GB' +``` + +### To 1.0.0 + +If you are upgrading from a `<1.0.0` release you need to move your Querier Ingress information to the new values settings: + +```text +ingress.enabled -> querier.ingress.enabled +ingress.certManager -> querier.ingress.certManager +ingress.hostname -> querier.ingress.hostname +ingress.annotations -> querier.ingress.annotations +ingress.extraHosts[0].name -> querier.ingress.extraHosts[0].name +ingress.extraHosts[0].path -> querier.ingress.extraHosts[0].path +ingress.extraHosts[0].hosts[0] -> querier.ingress.extraHosts[0].hosts[0] +ingress.extraHosts[0].secretName -> querier.ingress.extraHosts[0].secretName +ingress.secrets[0].name -> querier.ingress.secrets[0].name +ingress.secrets[0].certificate -> querier.ingress.secrets[0].certificate +ingress.secrets[0].key -> querier.ingress.secrets[0].key +``` + +## License + +Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. \ No newline at end of file diff --git a/charts/thanos/charts/common/.helmignore b/charts/thanos/charts/common/.helmignore new file mode 100644 index 0000000000..d0e10845d2 --- /dev/null +++ b/charts/thanos/charts/common/.helmignore @@ -0,0 +1,26 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +# img folder +img/ +# Changelog +CHANGELOG.md diff --git a/charts/thanos/charts/common/CHANGELOG.md b/charts/thanos/charts/common/CHANGELOG.md new file mode 100644 index 0000000000..05fbd11e95 --- /dev/null +++ b/charts/thanos/charts/common/CHANGELOG.md @@ -0,0 +1,584 @@ +# Changelog + +## 2.20.5 (2024-07-16) + +* [bitnami/common] [bitnami/wordpress] Use global.storageClass for fallback, not override ([#24863](https://github.com/bitnami/charts/pull/24863)) + +## 2.20.4 (2024-07-11) + +* [bitnami/*] Update README changing TAC wording (#27530) ([52dfed6](https://github.com/bitnami/charts/commit/52dfed6bac44d791efabfaf06f15daddc4fefb0c)), closes [#27530](https://github.com/bitnami/charts/issues/27530) +* [bitnami/common] Increase ephemeral-storage default limits (#27902) ([dc0000d](https://github.com/bitnami/charts/commit/dc0000d7b56f68991bb8d8fff473103ed9026f5f)), closes [#27902](https://github.com/bitnami/charts/issues/27902) + +## 2.20.3 (2024-06-17) + +* [bitnami/common] chore: :wrench: Relax large and xlarge presets resource requests (#27312) ([6ca69f6](https://github.com/bitnami/charts/commit/6ca69f6769d0f65acc850fa0bcc08506de50cc41)), closes [#27312](https://github.com/bitnami/charts/issues/27312) + +## 2.20.2 (2024-06-10) + +* [bitnami/common] remove trailing spaces from imagePullSecrets rendering (#26882) ([362d4ac](https://github.com/bitnami/charts/commit/362d4ac94dd69be1b607fc531ceac4d67d8d57ef)), closes [#26882](https://github.com/bitnami/charts/issues/26882) + +## 2.20.1 (2024-06-10) + +* [bitnami/common] improve renderSecurityContext (#27053) ([5f0bdde](https://github.com/bitnami/charts/commit/5f0bdde77cf05afa20cb4a800090748a8d102d02)), closes [#27053](https://github.com/bitnami/charts/issues/27053) + +## 2.20.0 (2024-06-05) + +* [bitnami/*] ci: :construction_worker: Add tag and changelog support (#25359) ([91c707c](https://github.com/bitnami/charts/commit/91c707c9e4e574725a09505d2d313fb93f1b4c0a)), closes [#25359](https://github.com/bitnami/charts/issues/25359) +* [bitnami/common] Capabilities to return latest apiVersion if kubeVersion is undefined (#26758) ([6582c32](https://github.com/bitnami/charts/commit/6582c3237b772af9cb379f7eaceddb2d64b507f0)), closes [#26758](https://github.com/bitnami/charts/issues/26758) +* [bitnami/common] docs: :memo: Add changelog ([23349c9](https://github.com/bitnami/charts/commit/23349c99b70313f3e19ebcf9d3e0c154836b2cc0)) + +## 2.19.3 (2024-05-20) + +* [bitnami/*] Change non-root and rolling-tags doc URLs (#25628) ([b067c94](https://github.com/bitnami/charts/commit/b067c94f6bcde427863c197fd355f0b5ba12ff5b)), closes [#25628](https://github.com/bitnami/charts/issues/25628) +* [bitnami/*] Set new header/owner (#25558) ([8d1dc11](https://github.com/bitnami/charts/commit/8d1dc11f5fb30db6fba50c43d7af59d2f79deed3)), closes [#25558](https://github.com/bitnami/charts/issues/25558) +* [bitnami/common] feat: :sparkles: Show warning when original images are replaced (#25952) ([855045a](https://github.com/bitnami/charts/commit/855045a1a62618154c1216e8da31a4d2c14c7586)), closes [#25952](https://github.com/bitnami/charts/issues/25952) + +## 2.19.2 (2024-04-29) + +* [bitnami/common] Simplify syntax to deal with nullable objects (#25446) ([7dcea6a](https://github.com/bitnami/charts/commit/7dcea6aeb7c45d56bd6175b457bb8a2cddf8defc)), closes [#25446](https://github.com/bitnami/charts/issues/25446) +* Replace VMware by Broadcom copyright text (#25306) ([a5e4bd0](https://github.com/bitnami/charts/commit/a5e4bd0e35e419203793976a78d9d0a13de92c76)), closes [#25306](https://github.com/bitnami/charts/issues/25306) + +## 2.19.1 (2024-03-27) + +* [bitnami/common] chore: :wrench: Relax preset resource requests xlarge and 2xlarge instances (#24713 ([fdd93bb](https://github.com/bitnami/charts/commit/fdd93bb2a2f73a7df3e498b5072736a54610a908)), closes [#24713](https://github.com/bitnami/charts/issues/24713) + +## 2.19.0 (2024-03-08) + +* [bitnami/common] feat: :sparkles: Remove empty seLinuxOptions in adapted Openshift rendered security ([1f2f5ef](https://github.com/bitnami/charts/commit/1f2f5ef476efba7f284df0c36c265216325ffda9)), closes [#24268](https://github.com/bitnami/charts/issues/24268) + +## 2.18.0 (2024-03-04) + +* [bitnami/common] feat: :sparkles: :lock: Add compatibility support for securityContext in Openshift ([8fb0dd4](https://github.com/bitnami/charts/commit/8fb0dd48b6d7ec69bb59db2376365f6d76b26d97)), closes [#24040](https://github.com/bitnami/charts/issues/24040) + +## 2.17.0 (2024-02-20) + +* [bitnami/*] Bump all versions (#23602) ([b70ee2a](https://github.com/bitnami/charts/commit/b70ee2a30e4dc256bf0ac52928fb2fa7a70f049b)), closes [#23602](https://github.com/bitnami/charts/issues/23602) + +## 2.16.1 (2024-02-19) + +* [bitnami/common] chore: :wrench: Bump ephemeral storage limits (#23564) ([18c4d88](https://github.com/bitnami/charts/commit/18c4d88f7d4ae93f36d0896fa66dbe872bba1c48)), closes [#23564](https://github.com/bitnami/charts/issues/23564) + +## 2.16.0 (2024-02-15) + +* [bitnami/common] feat: :sparkles: Add ephemeral-storage to resources preset (#23544) ([23b6856](https://github.com/bitnami/charts/commit/23b68563a0e2e721aa07864cff1b877e1d074388)), closes [#23544](https://github.com/bitnami/charts/issues/23544) + +## 2.15.3 (2024-02-14) + +* [bitnami/common] chore: :pencil2: Fix typo in comment ([d07fb32](https://github.com/bitnami/charts/commit/d07fb324bd6455bf8607f66c642ff346443199ba)) + +## 2.15.2 (2024-02-14) + +* [bitnami/common] fix: :children_crossing: Improve resource warning message (#23425) ([7593e4f](https://github.com/bitnami/charts/commit/7593e4fc69fb8c50f7d626cc305c5adc56d23f48)), closes [#23425](https://github.com/bitnami/charts/issues/23425) + +## 2.15.1 (2024-02-13) + +* [bitnami/common] fix: :bug: Check if section is enabled before printing resource warning ([262b6ee](https://github.com/bitnami/charts/commit/262b6ee64c57a5293333879ec423ad41c44f162c)) + +## 2.15.0 (2024-02-13) + +* [bitnami/*] Fix docs.bitnami.com broken links (#21901) ([f35506d](https://github.com/bitnami/charts/commit/f35506d2dadee4f097986e7792df1f53ab215b5d)), closes [#21901](https://github.com/bitnami/charts/issues/21901) +* [bitnami/*] Move documentation sections from docs.bitnami.com back to the README (#22203) ([7564f36](https://github.com/bitnami/charts/commit/7564f36ca1e95ff30ee686652b7ab8690561a707)), closes [#22203](https://github.com/bitnami/charts/issues/22203) +* [bitnami/*] Update copyright: Year and company (#21815) ([6c4bf75](https://github.com/bitnami/charts/commit/6c4bf75dec58fc7c9aee9f089777b1a858c17d5b)), closes [#21815](https://github.com/bitnami/charts/issues/21815) +* [bitnami/common] feat: :sparkles: Add support for resource presets (#23410) ([310d9f9](https://github.com/bitnami/charts/commit/310d9f9e44cb913a2e482f57107970ed5bde9a69)), closes [#23410](https://github.com/bitnami/charts/issues/23410) + +## 2.14.1 (2023-12-19) + +* [bitnami/common] Fix typo with new line in common.secrets.passwords.manage (#21653) ([7e70463](https://github.com/bitnami/charts/commit/7e704634ef564adac330f1e0a67feb2a40a271dc)), closes [#21653](https://github.com/bitnami/charts/issues/21653) + +## 2.14.0 (2023-12-19) + +* [bitnami/common] add params skipB64enc and skipQuote to common.secrets.passwords.manage (#21595) ([2070eeb](https://github.com/bitnami/charts/commit/2070eeb30bbf48639e0177a42f65a1d13f42a180)), closes [#21595](https://github.com/bitnami/charts/issues/21595) + +## 2.13.4 (2023-12-15) + +* [bitnami/*] Remove relative links to non-README sections, add verification for that and update TL;DR ([1103633](https://github.com/bitnami/charts/commit/11036334d82df0490aa4abdb591543cab6cf7d7f)), closes [#20967](https://github.com/bitnami/charts/issues/20967) +* [bitnami/*] Rename VMware Application Catalog (#20361) ([3acc734](https://github.com/bitnami/charts/commit/3acc73472beb6fb56c4d99f929061001205bc57e)), closes [#20361](https://github.com/bitnami/charts/issues/20361) +* [bitnami/common] fix failOnNew implementation in common.secrets.passwords.manage (#21342) ([76a5f24](https://github.com/bitnami/charts/commit/76a5f248fbceb3d1d948c7e60fbba74fd7eb3200)), closes [#21342](https://github.com/bitnami/charts/issues/21342) +* [bitnami/common] Standardize documentation (#20334) ([3af2426](https://github.com/bitnami/charts/commit/3af242606877aea25c623b4185e6fcd285b7308d)), closes [#20334](https://github.com/bitnami/charts/issues/20334) + +## 2.13.3 (2023-10-17) + +* [bitnami/*] Update Helm charts prerequisites (#19745) ([eb755dd](https://github.com/bitnami/charts/commit/eb755dd36a4dd3cf6635be8e0598f9a7f4c4a554)), closes [#19745](https://github.com/bitnami/charts/issues/19745) +* [bitnami/common]: Address admission configuration typo (#19840) ([9a936f1](https://github.com/bitnami/charts/commit/9a936f158646e101c2507421fdcb85b787bbaf64)), closes [#19840](https://github.com/bitnami/charts/issues/19840) + +## 2.13.2 (2023-10-05) + +* [bitnami/common] update imagePullSecrets to handle map and list format (#19702) ([1d30563](https://github.com/bitnami/charts/commit/1d30563bf53d4c0ac898cf1070af57aa28a039f1)), closes [#19702](https://github.com/bitnami/charts/issues/19702) + +## 2.13.1 (2023-10-04) + +* [bitnami/common] render labels correctly when they contains templates (#19680) ([3cb44e3](https://github.com/bitnami/charts/commit/3cb44e376a472ca6721866b09f6d0ab412338cbc)), closes [#19680](https://github.com/bitnami/charts/issues/19680) + +## 2.13.0 (2023-09-29) + +* [bitnami/common]: Add capabilities macros to manage Pod Security Standard objects (#19428) ([322b76d](https://github.com/bitnami/charts/commit/322b76d6450840f08d53ecfddb5e151cac5c9e88)), closes [#19428](https://github.com/bitnami/charts/issues/19428) + +## 2.12.1 (2023-09-29) + +* [bitnami/common] allow for empty appVersion (#19467) ([8b46a33](https://github.com/bitnami/charts/commit/8b46a3366abc7d216d16ace89675f3fc42691e8f)), closes [#19467](https://github.com/bitnami/charts/issues/19467) + +## 2.12.0 (2023-09-22) + +* [bitnami/common] new macro to checksum config resources (#19261) ([73945fe](https://github.com/bitnami/charts/commit/73945fedfa2acff03fe172430fcc4b8bcf55282f)), closes [#19261](https://github.com/bitnami/charts/issues/19261) +* Revert "Autogenerate schema files (#19194)" (#19335) ([73d80be](https://github.com/bitnami/charts/commit/73d80be525c88fb4b8a54451a55acd506e337062)), closes [#19194](https://github.com/bitnami/charts/issues/19194) [#19335](https://github.com/bitnami/charts/issues/19335) + +## 2.11.1 (2023-09-15) + +* Common - Adding app.kubernetes.io/version to common labels (#17201) ([9c497be](https://github.com/bitnami/charts/commit/9c497be9d99a98a20cd01e5858014e097ebe0eaa)), closes [#17201](https://github.com/bitnami/charts/issues/17201) + +## 2.11.0 (2023-09-12) + +* [bitnami/common] New helper to return image version (#19223) ([db46696](https://github.com/bitnami/charts/commit/db466964c6cfb3368ab87be6bb4d16f74d5c6fd0)), closes [#19223](https://github.com/bitnami/charts/issues/19223) +* Autogenerate schema files (#19194) ([a2c2090](https://github.com/bitnami/charts/commit/a2c2090b5ac97f47b745c8028c6452bf99739772)), closes [#19194](https://github.com/bitnami/charts/issues/19194) + +## 2.10.1 (2023-09-08) + +* [bitnami/common]: Compatiblity with Helm 3.2.0+ (#19177) ([e4fc03d](https://github.com/bitnami/charts/commit/e4fc03d96bef6ab0318d642fb65ba508c49844f1)), closes [#19177](https://github.com/bitnami/charts/issues/19177) + +## 2.10.0 (2023-09-04) + +* [bitnami/common] new macro to merge a list of values with rendering (#18889) ([0fb66f2](https://github.com/bitnami/charts/commit/0fb66f2c6f6828a240a0c1e6857c337bf9f4202a)), closes [#18889](https://github.com/bitnami/charts/issues/18889) + +## 2.9.2 (2023-08-31) + +* Avoid using a tpl when there is no template (#18792) ([134924a](https://github.com/bitnami/charts/commit/134924a260fe2cd758a954f34e89ccb14012f348)), closes [#18792](https://github.com/bitnami/charts/issues/18792) + +## 2.9.1 (2023-08-29) + +* [bitnami/common] Add extraLabelSelectors to affinities templates (#18127) ([b9ecfdb](https://github.com/bitnami/charts/commit/b9ecfdb3421a057b76e6f35f58c26e631c74e686)), closes [#18127](https://github.com/bitnami/charts/issues/18127) + +## 2.9.0 (2023-08-22) + +* [bitnami/common] Add support for customizing standard labels (#18154) ([9a20483](https://github.com/bitnami/charts/commit/9a20483cfd1daa6bfe08fd8116516a9bb5cd9754)), closes [#18154](https://github.com/bitnami/charts/issues/18154) + +## 2.8.0 (2023-08-07) + +* [bitnami/common] Delete app kubernetes version field (#18240) ([5fe3ee4](https://github.com/bitnami/charts/commit/5fe3ee44eed88e9b6843c70cbeb6378194b2276b)), closes [#18240](https://github.com/bitnami/charts/issues/18240) + +## 2.7.0 (2023-08-07) + +* Add app.kubernetes.io/version based on AppVersion (#18194) ([4f698f8](https://github.com/bitnami/charts/commit/4f698f8ac54fc68cd8dab433b7c2d8ffb77a4067)), closes [#18194](https://github.com/bitnami/charts/issues/18194) + +## 2.6.0 (2023-07-04) + +* [bitnami/common] Add scope for common.tplvalues.render (#17033) ([daf1b54](https://github.com/bitnami/charts/commit/daf1b5445a5e1c961ab78673899dd8007b4f1000)), closes [#17033](https://github.com/bitnami/charts/issues/17033) + +## 2.5.0 (2023-06-30) + +* [bitnami/*] Change copyright section in READMEs (#17006) ([ef986a1](https://github.com/bitnami/charts/commit/ef986a1605241102b3dcafe9fd8089e6fc1201ad)), closes [#17006](https://github.com/bitnami/charts/issues/17006) +* [bitnami/common] Update common.secrets.passwords.manage and common.secrets.lookup (#17397) ([5a73cf1](https://github.com/bitnami/charts/commit/5a73cf19f92b93d88ee766669a947375135db903)), closes [#17397](https://github.com/bitnami/charts/issues/17397) +* [bitnami/several] Change copyright section in READMEs (#16989) ([5b6a5cf](https://github.com/bitnami/charts/commit/5b6a5cfb7625a751848a2e5cd796bd7278f406ca)), closes [#16989](https://github.com/bitnami/charts/issues/16989) +* Add copyright header (#17300) ([da68be8](https://github.com/bitnami/charts/commit/da68be8e951225133c7dfb572d5101ca3d61c5ae)), closes [#17300](https://github.com/bitnami/charts/issues/17300) +* Update charts readme (#17217) ([31b3c0a](https://github.com/bitnami/charts/commit/31b3c0afd968ff4429107e34101f7509e6a0e913)), closes [#17217](https://github.com/bitnami/charts/issues/17217) + +## 2.4.0 (2023-05-18) + +* [bitnami/common] feat: :sparkles: Add apiVersions for DaemonSet and VPA ([a86cfaf](https://github.com/bitnami/charts/commit/a86cfaf0acb7cc26a7a91256f4b76db8f31797ef)) + +## 2.3.0 (2023-05-12) + +* Add wording for enterprise page (#16560) ([8f22774](https://github.com/bitnami/charts/commit/8f2277440b976d52785ba9149762ad8620a73d1f)), closes [#16560](https://github.com/bitnami/charts/issues/16560) +* Remove duplicate in image pull secrets (#16529) ([ddfea70](https://github.com/bitnami/charts/commit/ddfea70831875639cb298a555ad6dd5e68f059e4)), closes [#16529](https://github.com/bitnami/charts/issues/16529) + +## 2.2.6 (2023-05-09) + +* [bitnami/several] Adapt Chart.yaml to set desired OCI annotations (#16546) ([fc9b18f](https://github.com/bitnami/charts/commit/fc9b18f2e98805d4df629acbcde696f44f973344)), closes [#16546](https://github.com/bitnami/charts/issues/16546) + +## 2.2.5 (2023-05-02) + +* [bitnami/*] Make Helm charts 100% OCI (#15998) ([8841510](https://github.com/bitnami/charts/commit/884151035efcbf2e1b3206e7def85511073fb57d)), closes [#15998](https://github.com/bitnami/charts/issues/15998) +* [bitnami/common] Fix typo in README.md to test chart publishing from GitHub (#16143) ([5b05ec3](https://github.com/bitnami/charts/commit/5b05ec32caa73240d38135e19501ab2658397d2e)), closes [#16143](https://github.com/bitnami/charts/issues/16143) + +## 2.2.4 (2023-03-07) + +* [bitnami/*] Fix markdown linter issues (#14874) ([a51e0e8](https://github.com/bitnami/charts/commit/a51e0e8d35495b907f3e70dd2f8e7c3bcbf4166a)), closes [#14874](https://github.com/bitnami/charts/issues/14874) +* [bitnami/*] Fix markdown linter issues 2 (#14890) ([aa96572](https://github.com/bitnami/charts/commit/aa9657237ee8df4a46db0d7fdf8a23230dd6902a)), closes [#14890](https://github.com/bitnami/charts/issues/14890) +* [bitnami/common] Allow empty registry name (#15296) ([f13df7b](https://github.com/bitnami/charts/commit/f13df7b00f38e5fce67eab7a1b78afb0b064344e)), closes [#15296](https://github.com/bitnami/charts/issues/15296) + +## 2.2.3 (2023-02-03) + +* [bitnami/*] Add license annotation and remove obsolete engine parameter (#14293) ([da2a794](https://github.com/bitnami/charts/commit/da2a7943bae95b6e9b5b4ed972c15e990b69fdb0)), closes [#14293](https://github.com/bitnami/charts/issues/14293) +* [bitnami/*] Change copyright date (#14682) ([add4ec7](https://github.com/bitnami/charts/commit/add4ec701108ac36ed4de2dffbdf407a0d091067)), closes [#14682](https://github.com/bitnami/charts/issues/14682) +* [bitnami/*] Change licenses annotation format (#14377) ([0ab7608](https://github.com/bitnami/charts/commit/0ab760862c660fcc78cffadf8e1d8cdd70881473)), closes [#14377](https://github.com/bitnami/charts/issues/14377) +* [bitnami/*] Unify READMEs (#14472) ([2064fb8](https://github.com/bitnami/charts/commit/2064fb8dcc78a845cdede8211af8c3cc52551161)), closes [#14472](https://github.com/bitnami/charts/issues/14472) +* [bitnami/common] chore: Correct common.images.image global in example (#14735) ([69ada7d](https://github.com/bitnami/charts/commit/69ada7da0c9c6b7ce718faef6920c61e3632fd02)), closes [#14735](https://github.com/bitnami/charts/issues/14735) + +## 2.2.2 (2022-12-12) + +* [bitnami/common] resolve namespace using common.names.namespace macro (#13481) ([35b84e8](https://github.com/bitnami/charts/commit/35b84e8ba209681d4f160ca102188af61307fccf)), closes [#13481](https://github.com/bitnami/charts/issues/13481) + +## 2.2.1 (2022-11-25) + +* [bitnami/common] fix common topology key affinity function (#13593) ([f95dec8](https://github.com/bitnami/charts/commit/f95dec803bd138b76d67a296545974c5a644d63e)), closes [#13593](https://github.com/bitnami/charts/issues/13593) + +## 2.2.0 (2022-11-14) + +* [bitnami/common] affinity topologyKey override (#13435) ([624c14e](https://github.com/bitnami/charts/commit/624c14e7121557e6a29ff0e814cb800c2f3cf619)), closes [#13435](https://github.com/bitnami/charts/issues/13435) +* [bitnami/common] Fixed naming of common.secrets.passwords.manage function in README (#13250) ([39a8bcb](https://github.com/bitnami/charts/commit/39a8bcbb1b606cc165643ae4ddcdc15f05e91583)), closes [#13250](https://github.com/bitnami/charts/issues/13250) + +## 2.1.2 (2022-10-31) + +* [bitnami/common] Do not explicitly specify namespace in affinity term. (#12932) ([638a48e](https://github.com/bitnami/charts/commit/638a48e4d3ec7b5d160f4b525ec40218512c464b)), closes [#12932](https://github.com/bitnami/charts/issues/12932) [/kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#podaffinityterm-v1](https://github.com//kubernetes.io/docs/reference/generated/kubernetes-api/v1.23//issues/podaffinityterm-v1) [#12668](https://github.com/bitnami/charts/issues/12668) + +## 2.1.1 (2022-10-27) + +* [bitnami/common] Fix appVersion mismatch (#13189) ([42b3b3e](https://github.com/bitnami/charts/commit/42b3b3e6c68e6af8ba19f7ec42be0d71b4c21852)), closes [#13189](https://github.com/bitnami/charts/issues/13189) + +## 2.1.0 (2022-10-27) + +* [bitnami/common] Add new function 'common.secrets.lookup' (#13150) ([e848934](https://github.com/bitnami/charts/commit/e84893410321b88adbd7d2e40b891685a15ce640)), closes [#13150](https://github.com/bitnami/charts/issues/13150) + +## 2.0.4 (2022-10-24) + +* [bitnami/*] Use new default branch name in links (#12943) ([a529e02](https://github.com/bitnami/charts/commit/a529e02597d49d944eba1eb0f190713293247176)), closes [#12943](https://github.com/bitnami/charts/issues/12943) +* [bitnami/common] kubernetes.io/tls-acme Ingress annotation triggers IngressTLS array (#13054) ([2008857](https://github.com/bitnami/charts/commit/200885790b34afd6fd04ea45949c887a907b6b38)), closes [#13054](https://github.com/bitnami/charts/issues/13054) +* [bitnami/common] quote secret value when lookup (#11276) ([c8e3019](https://github.com/bitnami/charts/commit/c8e301965f05996a2ae18e0fc8dbfcbe64428356)), closes [#11276](https://github.com/bitnami/charts/issues/11276) + +## 2.0.3 (2022-09-12) + +* [bitnami/common] Revert changes in HPA context from #12282 (#12372) ([55fdc3a](https://github.com/bitnami/charts/commit/55fdc3aff3e32502abfd8f0607ac2be54e585744)), closes [#12282](https://github.com/bitnami/charts/issues/12282) [#12372](https://github.com/bitnami/charts/issues/12372) + +## 2.0.2 (2022-09-05) + +* fix context for HPA util (#12282) ([ccd54a0](https://github.com/bitnami/charts/commit/ccd54a0d47a96903f499fbcdb52a336863020efe)), closes [#12282](https://github.com/bitnami/charts/issues/12282) + +## 2.0.1 (2022-08-23) + +* [bitnami/common] Digest/Tag new approach backward compatible (#12029) ([f1c27dc](https://github.com/bitnami/charts/commit/f1c27dc5d9540c2ea192abf1245da67f5b4f8916)), closes [#12029](https://github.com/bitnami/charts/issues/12029) + +## 2.0.0 (2022-08-18) + +* [bitnami/common] MAJOR: Add support for image digest apart from tag (#11830) ([e3fee4e](https://github.com/bitnami/charts/commit/e3fee4e41d34a6584660c3b77b8521922603ccab)), closes [#11830](https://github.com/bitnami/charts/issues/11830) + +## 1.17.1 (2022-08-18) + +* Revert changes from #11797 (#11829) ([22bb033](https://github.com/bitnami/charts/commit/22bb033224176c498920596c8d8b25b5f60a277d)), closes [#11797](https://github.com/bitnami/charts/issues/11797) [#11829](https://github.com/bitnami/charts/issues/11829) + +## 1.17.0 (2022-08-18) + +* [bitnami/common] Add support for image digest apart from tag (#11797) ([b069345](https://github.com/bitnami/charts/commit/b0693450f653318ac7da64575dac389d7041b69f)), closes [#11797](https://github.com/bitnami/charts/issues/11797) + +## 1.16.1 (2022-07-13) + +* [bitnami/*] Replace Kubeapps URL in READMEs (and kubeapps Chart.yaml) and remove BKPR references (#1 ([c6a7914](https://github.com/bitnami/charts/commit/c6a7914361e5aea6016fb45bf4d621edfd111d32)), closes [#10600](https://github.com/bitnami/charts/issues/10600) +* [bitnami/common] Affinities section does not use common.names.namespace (#11137) ([b70c24c](https://github.com/bitnami/charts/commit/b70c24c82c7a9112a4288441ad1fa8c035bb68b4)), closes [#11137](https://github.com/bitnami/charts/issues/11137) + +## 1.16.0 (2022-06-03) + +* [bitnami/common] Add mysql validation (#10565) ([75ae79a](https://github.com/bitnami/charts/commit/75ae79a434137694fd82198abe1f861d6e5a04ba)), closes [#10565](https://github.com/bitnami/charts/issues/10565) + +## 1.15.2 (2022-06-02) + +* Update Redis trademark references ([2cada87](https://github.com/bitnami/charts/commit/2cada87ed4967d5cb578b0409a0bb1edee79029a)) + +## 1.15.1 (2022-06-01) + +* [bitnami/several] Replace maintainers email by url (#10523) ([ff3cf61](https://github.com/bitnami/charts/commit/ff3cf617a1680509b0f3855d17c4ccff7b29a0ff)), closes [#10523](https://github.com/bitnami/charts/issues/10523) + +## 1.15.0 (2022-06-01) + +* Add common function common.names.fullname.namespace (#10462) ([96f447c](https://github.com/bitnami/charts/commit/96f447cd8654b6db51d9301c841bacb3a13089b3)), closes [#10462](https://github.com/bitnami/charts/issues/10462) + +## 1.14.2 (2022-05-30) + +* [bitnami/common] use -d flag for base64 (#10491) ([ca8d588](https://github.com/bitnami/charts/commit/ca8d5886a1bc0fb37d1bc770ad2333acdffd7996)), closes [#10491](https://github.com/bitnami/charts/issues/10491) [#10486](https://github.com/bitnami/charts/issues/10486) + +## 1.14.1 (2022-05-20) + +* Differentiate between autoscaling v1beta1 and v1beta2 (#10331) ([16d8a4e](https://github.com/bitnami/charts/commit/16d8a4ee73705ee6db2191d84e03a2ba3ea95deb)), closes [#10331](https://github.com/bitnami/charts/issues/10331) + +## 1.14.0 (2022-05-13) + +* [bitnami/common] Add common function for HPA api version (#10174) ([4379ab5](https://github.com/bitnami/charts/commit/4379ab56bd8f4d7f7b7817bf302c683bf9087e81)), closes [#10174](https://github.com/bitnami/charts/issues/10174) + +## 1.13.1 (2022-04-19) + +* Fix affinities identifier in README.md for common chart (#9821) ([fe95640](https://github.com/bitnami/charts/commit/fe95640ce3f5ddfb0458f440959ceda3a849a3a4)), closes [#9821](https://github.com/bitnami/charts/issues/9821) + +## 1.13.0 (2022-03-24) + +* [bitnami/common] Add apiService.apiVersion function to common.capabilities (#9562) ([bba2272](https://github.com/bitnami/charts/commit/bba227223e15937bb1f29f77425f6bd7d9238c02)), closes [#9562](https://github.com/bitnami/charts/issues/9562) + +## 1.12.0 (2022-03-16) + +* [bitnami/common] Helper to allow overriding namespace name (#9396) ([794fecb](https://github.com/bitnami/charts/commit/794fecb8cb112e8e5e9d55420451752e8bd21431)), closes [#9396](https://github.com/bitnami/charts/issues/9396) + +## 1.11.3 (2022-03-03) + +* [bitnami/common] Improve docs for passwords.manage (#9269) ([0d06114](https://github.com/bitnami/charts/commit/0d061147a5b7c7cf2bf44d2b61603ffeb48a0b51)), closes [#9269](https://github.com/bitnami/charts/issues/9269) + +## 1.11.2 (2022-02-28) + +* [bitnami/common] README: Fixed the desscription for `common.labels.matchLabels` (#9062) ([7f17db7](https://github.com/bitnami/charts/commit/7f17db7e9bcdd7918bde322b3b76a62c6a86e752)), closes [#9062](https://github.com/bitnami/charts/issues/9062) [bitnami/charts#9060](https://github.com/bitnami/charts/issues/9060) [bitnami/charts#9060](https://github.com/bitnami/charts/issues/9060) + +## 1.11.1 (2022-02-02) + +* [bitnami/common] Improve "common.secrets.passwords.manage" helper (#8861) ([01477b4](https://github.com/bitnami/charts/commit/01477b42f2be362388d69da913879c52f2250ac1)), closes [#8861](https://github.com/bitnami/charts/issues/8861) + +## 1.11.0 (2022-02-01) + +* [bitnami/common] Add ingress helper to detect cert-manager annotations (#8857) ([c0c986f](https://github.com/bitnami/charts/commit/c0c986f8d5c911c09dc84d289d2993ae1779a6ca)), closes [#8857](https://github.com/bitnami/charts/issues/8857) + +## 1.10.4 (2022-01-20) + +* [bitnami/several] Add license to the README ([05f7633](https://github.com/bitnami/charts/commit/05f763372501d596e57db713dd53ff4ff3027cc4)) +* [bitnami/several] Add license to the README ([32fb238](https://github.com/bitnami/charts/commit/32fb238e60a0affc6debd3142eaa3c3d9089ec2a)) +* [bitnami/several] Add license to the README ([b87c2f7](https://github.com/bitnami/charts/commit/b87c2f7899d48a8b02c506765e6ae82937e9ba3f)) +* [bitnami/several] Change prerequisites (#8725) ([8d740c5](https://github.com/bitnami/charts/commit/8d740c566cfdb7e2d933c40128b4e919fce953a5)), closes [#8725](https://github.com/bitnami/charts/issues/8725) + +## 1.10.3 (2021-11-29) + +* [bitnami/common] fix: :bug: Add extra check for "\"\"" values in existing secrets (#8266) ([de27be6](https://github.com/bitnami/charts/commit/de27be6e649472608f076a04a36be3674fe3b84e)), closes [#8266](https://github.com/bitnami/charts/issues/8266) + +## 1.10.2 (2021-11-29) + +* [bitnami/several] Replace HTTP by HTTPS when possible (#8259) ([eafb5bd](https://github.com/bitnami/charts/commit/eafb5bd5a2cc3aaf04fc1e8ebedd73f420d76864)), closes [#8259](https://github.com/bitnami/charts/issues/8259) + +## 1.10.1 (2021-10-27) + +* [bitnami/*] Mark PodSecurityPolicy resources as deprecated (#7948) ([5cac753](https://github.com/bitnami/charts/commit/5cac7539dcb6c3baef06ed6676bfa99c16fdb5fe)), closes [#7948](https://github.com/bitnami/charts/issues/7948) + +## 1.10.0 (2021-09-30) + +* [bitnami/common] Add new capability helper for Network Policies (#7658) ([3efb1ca](https://github.com/bitnami/charts/commit/3efb1cac924409cbda3216a2300cce031c56a1f5)), closes [#7658](https://github.com/bitnami/charts/issues/7658) + +## 1.9.1 (2021-09-22) + +* [bitnami/common] fix readme for common chart (#7577) ([3f06bdd](https://github.com/bitnami/charts/commit/3f06bdd8df1c00dbdf27230bcdf925c337826abb)), closes [#7577](https://github.com/bitnami/charts/issues/7577) +* Fix typo in bitname/common README (#7529) ([fccffb3](https://github.com/bitnami/charts/commit/fccffb33391751a1bf84c53184cffe0dcac83fd6)), closes [#7529](https://github.com/bitnami/charts/issues/7529) + +## 1.9.0 (2021-09-13) + +* [bitnami/common] Add new dependency fullname template (#7471) ([7ca2a4b](https://github.com/bitnami/charts/commit/7ca2a4bb917ac6a276a6b30be12538f4c7c3a63d)), closes [#7471](https://github.com/bitnami/charts/issues/7471) + +## 1.8.0 (2021-08-04) + +* Add cronjob apiVersion capability (#7122) ([7b84a67](https://github.com/bitnami/charts/commit/7b84a674ae99fd8ddac3b5b3c859c816b87aaf51)), closes [#7122](https://github.com/bitnami/charts/issues/7122) + +## 1.7.1 (2021-07-27) + +* [bitnami/*] Adapt values.yaml of common library, Tomcat, Wavefront and ZooKeeper charts (#6970) ([fb2693b](https://github.com/bitnami/charts/commit/fb2693bfe67a154b159d3998232cc613e1706c70)), closes [#6970](https://github.com/bitnami/charts/issues/6970) +* [bitnami/several] Bump version and update READMEs (#7069) ([6340bff](https://github.com/bitnami/charts/commit/6340bff66f93c8c797bda3ca0842e4bf770059f1)), closes [#7069](https://github.com/bitnami/charts/issues/7069) +* Replace strings with ™ in the README files (#7066) ([d298b49](https://github.com/bitnami/charts/commit/d298b4996da33c9580c2594e6dc8ad665dd0ebab)), closes [#7066](https://github.com/bitnami/charts/issues/7066) + +## 1.7.0 (2021-07-02) + +* [bitnami/common] Add supportIngressClassname (#6828) ([0c8a455](https://github.com/bitnami/charts/commit/0c8a45546a219b4b4cd370daf0643543c92739b0)), closes [#6828](https://github.com/bitnami/charts/issues/6828) + +## 1.6.1 (2021-06-16) + +* [bitnami/common] extend common.labels.matchLabels with .Values.extraMatchLabels (#6589) ([66edf04](https://github.com/bitnami/charts/commit/66edf04e3e244c343a845f9c684edf4c8ea04406)), closes [#6589](https://github.com/bitnami/charts/issues/6589) + +## 1.6.0 (2021-06-15) + +* bitnami/common: add version detection for policy api (#6662) ([dcacf06](https://github.com/bitnami/charts/commit/dcacf06f6f2b6d622e2226935db22d5b8efa20b3)), closes [#6662](https://github.com/bitnami/charts/issues/6662) + +## 1.5.2 (2021-05-21) + +* [bitnami/common] Update _ingress.tpl (#6437) ([9048150](https://github.com/bitnami/charts/commit/90481508542c4da588e0d71944592e6c4e8d36e4)), closes [#6437](https://github.com/bitnami/charts/issues/6437) + +## 1.5.1 (2021-05-14) + +* Node affinity values must be quoted. (#6348) ([f73efbe](https://github.com/bitnami/charts/commit/f73efbe074436eda6276bbf32c781fa913c6a17a)), closes [#6348](https://github.com/bitnami/charts/issues/6348) + +## 1.5.0 (2021-05-13) + +* [bitnami/common] pull secrets rendering (#6286) ([dfffe74](https://github.com/bitnami/charts/commit/dfffe74c212a28e27f537dbee54c3b5a81c7d572)), closes [#6286](https://github.com/bitnami/charts/issues/6286) + +## 1.4.3 (2021-04-26) + +* [bitnami/common] Update Redis validation's helper (#6192) ([1e3bf03](https://github.com/bitnami/charts/commit/1e3bf03e3aad56fd4dc159744626e25ec24c5772)), closes [#6192](https://github.com/bitnami/charts/issues/6192) + +## 1.4.2 (2021-03-25) + +* [bitnami/common] Common credential error (#5884) ([328ca86](https://github.com/bitnami/charts/commit/328ca863515f6ef9fe188c71110be7b951719d66)), closes [#5884](https://github.com/bitnami/charts/issues/5884) + +## 1.4.1 (2021-02-23) + +* [bitnami/common] Add possibility to pull images without giving registry name (#5582) ([15ca275](https://github.com/bitnami/charts/commit/15ca27520a16b590101fa39195f55017e2935a90)), closes [#5582](https://github.com/bitnami/charts/issues/5582) + +## 1.4.0 (2021-02-22) + +* [bitnami/common] Add RBAC/CRD apiVersion support for versions 1.22+ (#5583) ([fda87aa](https://github.com/bitnami/charts/commit/fda87aabcd004f9a67549f5d22d273dd9fff6836)), closes [#5583](https://github.com/bitnami/charts/issues/5583) + +## 1.3.9 (2021-02-09) + +* Add registered icon to all the MongoDB references (#5426) ([56f2088](https://github.com/bitnami/charts/commit/56f20884267e56175695b2917f7704b9510f4ba6)), closes [#5426](https://github.com/bitnami/charts/issues/5426) + +## 1.3.8 (2021-02-03) + +* fix(common): quote namespace name (#5363) ([d27fb5e](https://github.com/bitnami/charts/commit/d27fb5e0b327728bb4304503376aaa4d2ab50619)), closes [#5363](https://github.com/bitnami/charts/issues/5363) + +## 1.3.7 (2021-01-20) + +* [bitnami/*] Change helm version in the prerequisites (#5090) ([c5e67a3](https://github.com/bitnami/charts/commit/c5e67a388743cbee28439d2cabca27884b9daf97)), closes [#5090](https://github.com/bitnami/charts/issues/5090) +* [bitnami/common] Remove helm version checker from secret helper (#5156) ([20231b1](https://github.com/bitnami/charts/commit/20231b138fae524371e6b29504acd4cbd19ce697)), closes [#5156](https://github.com/bitnami/charts/issues/5156) + +## 1.3.6 (2021-01-18) + +* [bitnami/common] same behavior with empty string when the secret obje… (#5057) ([0bae2bb](https://github.com/bitnami/charts/commit/0bae2bbb9b42c5a8dd2b8a144ffa55ace1c8a936)), closes [#5057](https://github.com/bitnami/charts/issues/5057) + +## 1.3.5 (2021-01-17) + +* [bitnami/common] fix wrong include reference (#5056) ([11efd59](https://github.com/bitnami/charts/commit/11efd59177419d4177e59800f04b4f26ab7243f8)), closes [#5056](https://github.com/bitnami/charts/issues/5056) + +## 1.3.4 (2021-01-15) + +* [bitnami/common] Fix lookup function backward compatibility and README (#5018) ([14a0042](https://github.com/bitnami/charts/commit/14a0042dc90c01fd38f814e1e43559384a3baa9f)), closes [#5018](https://github.com/bitnami/charts/issues/5018) + +## 1.3.3 (2021-01-14) + +* [bitnami/several] Add Redis trademark (#5023) ([dfa89b8](https://github.com/bitnami/charts/commit/dfa89b865989da26a3c73f397fd3c402dd56ebe8)), closes [#5023](https://github.com/bitnami/charts/issues/5023) + +## 1.3.2 (2021-01-13) + +* [bitnami/common] Add missing else statement to ingress apiversion ([22ab07a](https://github.com/bitnami/charts/commit/22ab07ac7d39d4153cc839de2b714086e99cfc04)) + +## 1.3.1 (2021-01-13) + +* [bitnami/common] Fix cases where ingress is not at the root (#4984) ([e447d9d](https://github.com/bitnami/charts/commit/e447d9d2205fc3f2f6cd990386a691fd9204b214)), closes [#4984](https://github.com/bitnami/charts/issues/4984) + +## 1.3.0 (2021-01-13) + +* [bitnami/*] POC Lookup function implementation (#4831) ([240dc1b](https://github.com/bitnami/charts/commit/240dc1bea80a3e121fd595636496d7941bdbc5e0)), closes [#4831](https://github.com/bitnami/charts/issues/4831) + +## 1.2.3 (2020-12-31) + +* [bitnami/common] Fix incorrect backend calculation for networking/v1beta1 ([c59b869](https://github.com/bitnami/charts/commit/c59b86919f47504bc8fd06f75a024f55e58ace77)) + +## 1.2.2 (2020-12-30) + +* [bitnami/common] Fix typo in common.capabilities.kubeVersion ([a371b73](https://github.com/bitnami/charts/commit/a371b734b854aa81a7dec16c40d061f5e9a14875)) + +## 1.2.1 (2020-12-30) + +* [bitnami/common] Fix issue with global kubeversion calculation ([0bbb339](https://github.com/bitnami/charts/commit/0bbb339d60b41ab978e759863709ebb1451d07a4)) + +## 1.2.0 (2020-12-30) + +* [bitnami/common] Make ingress rules compatible with all Kubernetes versions (#4859) ([2b22a21](https://github.com/bitnami/charts/commit/2b22a217020fe3d16ef98fdcdd4a562c43f9824a)), closes [#4859](https://github.com/bitnami/charts/issues/4859) + +## 1.1.4 (2020-12-23) + +* [bitnami/common] fix: moving kube version comparison (#4804) ([cdb6ae8](https://github.com/bitnami/charts/commit/cdb6ae8f00d114f0998c604416b79f62dc27f19d)), closes [#4804](https://github.com/bitnami/charts/issues/4804) + +## 1.1.3 (2020-12-18) + +* [bitnami/*] fix typos (#4699) ([49adc63](https://github.com/bitnami/charts/commit/49adc63b672da976c55af2e077aa5648a357b77f)), closes [#4699](https://github.com/bitnami/charts/issues/4699) +* [bitnami/common] Adding networking apiVersion support for versions 1.19+ (#4776) ([5ed8c54](https://github.com/bitnami/charts/commit/5ed8c54f5e0a905effc4c1ae5c4931e6669cec30)), closes [#4776](https://github.com/bitnami/charts/issues/4776) + +## 1.1.2 (2020-12-11) + +* [bitnami/common] Fix node affinity templates (#4692) ([5b51a5c](https://github.com/bitnami/charts/commit/5b51a5c004b062282849a4abaaffd6840bb6c95f)), closes [#4692](https://github.com/bitnami/charts/issues/4692) + +## 1.1.1 (2020-11-26) + +* fix: mongodb validation auth (#4506) ([ca3fdfb](https://github.com/bitnami/charts/commit/ca3fdfbeebeba5bd7dfa4805e1ca2411e5950b09)), closes [#4506](https://github.com/bitnami/charts/issues/4506) + +## 1.1.0 (2020-11-26) + +* [bitnami/common] Add mongodb validation template (#4497) ([14ece96](https://github.com/bitnami/charts/commit/14ece96c801a7326935b6269423d8854fed3a49e)), closes [#4497](https://github.com/bitnami/charts/issues/4497) + +## 1.0.1 (2020-11-19) + +* [bitnami/common] existingSecret is in auth map (#4389) ([de9b217](https://github.com/bitnami/charts/commit/de9b2177465e1c56ca2aa1c4c486bd37a7104d7a)), closes [#4389](https://github.com/bitnami/charts/issues/4389) + +## 1.0.0 (2020-11-10) + +* bitnami/common Major version. Adapt Chart to apiVersion: v2 (#4258) ([09dbc45](https://github.com/bitnami/charts/commit/09dbc45d11c5e8fe65d6eb64dbf51571ad2c7464)), closes [#4258](https://github.com/bitnami/charts/issues/4258) + +## 0.10.0 (2020-10-27) + +* [bitnami/common] feat: add cassandra passwords validations (#4110) ([b4923d4](https://github.com/bitnami/charts/commit/b4923d48018dff1673a32eefcc0d62eb484b36da)), closes [#4110](https://github.com/bitnami/charts/issues/4110) + +## 0.9.0 (2020-10-21) + +* [bitnami/common] feat: add redis passwords validations (#4070) ([0daa8d5](https://github.com/bitnami/charts/commit/0daa8d580c06e18d94dbc0e88467347a34418596)), closes [#4070](https://github.com/bitnami/charts/issues/4070) + +## 0.8.2 (2020-10-14) + +* [bitnami/common] Allow backward compatibility for existingSecret (#4006) ([aa2b3a1](https://github.com/bitnami/charts/commit/aa2b3a18610c69b2f5c76b839483db43fa3c093c)), closes [#4006](https://github.com/bitnami/charts/issues/4006) + +## 0.8.1 (2020-10-05) + +* [bitnami/common] Fix secret name bug with defaulNameSuffix. (#3888) ([d114d44](https://github.com/bitnami/charts/commit/d114d446ef86cb6e7a72de6542905ec3b07d3684)) + +## 0.8.0 (2020-10-02) + +* [bitnami/common] Add statefulset capabilities and prepare MariaDB passwords validation for new forma ([1eb4436](https://github.com/bitnami/charts/commit/1eb44366a72e39e84e33bed1a4940c1b2c6025fc)), closes [#3859](https://github.com/bitnami/charts/issues/3859) + +## 0.7.1 (2020-09-22) + +* [bitnami/common] fix: evaluate enabled as string (#3733) ([048cdae](https://github.com/bitnami/charts/commit/048cdae5488cfcfe83ec698afaa8318aa3b1d0ca)), closes [#3733](https://github.com/bitnami/charts/issues/3733) + +## 0.7.0 (2020-09-22) + +* [bitnami/metrics-server] Add source repo (#3577) ([1ed12f9](https://github.com/bitnami/charts/commit/1ed12f96af75322b46afdb2b3d9907c11b13f765)), closes [#3577](https://github.com/bitnami/charts/issues/3577) +* PoC for pods' affinity (#3713) ([9e6a915](https://github.com/bitnami/charts/commit/9e6a915392979f0c0148875f34cca1c27e399b59)), closes [#3713](https://github.com/bitnami/charts/issues/3713) + +## 0.6.2 (2020-09-01) + +* [bitnami/common] fix: wrong use of append function (#3566) ([c912fd0](https://github.com/bitnami/charts/commit/c912fd0b7378bf2d5d56182e6d2fa6bbd74df46f)), closes [#3566](https://github.com/bitnami/charts/issues/3566) + +## 0.6.1 (2020-08-31) + +* [bitnami/common] fix: mariadb checks secret fields after check enabled (#3565) ([498056a](https://github.com/bitnami/charts/commit/498056ad16a6e89aa3b7cc231da7467ab5bd3986)), closes [#3565](https://github.com/bitnami/charts/issues/3565) + +## 0.6.0 (2020-08-19) + +* [bitnami/mariadb] Require password option at secret resource (#3411) ([a8d2464](https://github.com/bitnami/charts/commit/a8d24643756470d0280fc585b01397358c1c242d)), closes [#3411](https://github.com/bitnami/charts/issues/3411) + +## 0.5.2 (2020-08-19) + +* [bitnami/common] fix: add global parameters to postgres validation (#3460) ([1c52a2a](https://github.com/bitnami/charts/commit/1c52a2a48ea65024a753eb5b32deadd46650fb18)), closes [#3460](https://github.com/bitnami/charts/issues/3460) + +## 0.5.1 (2020-08-10) + +* fix(common): missing $ in required values helpers (#3376) ([c972152](https://github.com/bitnami/charts/commit/c972152762c14c5ab5e3847a4870f4f4f2a31224)), closes [#3376](https://github.com/bitnami/charts/issues/3376) + +## 0.5.0 (2020-08-10) + +* [bitnami/common] add psql and mysql required password validations (#3374) ([1a4419e](https://github.com/bitnami/charts/commit/1a4419e15d985f67413beff98c9fc9b9f69108fb)), closes [#3374](https://github.com/bitnami/charts/issues/3374) + +## 0.4.0 (2020-08-04) + +* [bitnami/*] Fix TL;DR typo in READMEs (#3280) ([3d7ab40](https://github.com/bitnami/charts/commit/3d7ab406fecd64f1af25f53e7d27f03ec95b29a4)), closes [#3280](https://github.com/bitnami/charts/issues/3280) +* [bitnami/all] Add categories (#3075) ([63bde06](https://github.com/bitnami/charts/commit/63bde066b87a140fab52264d0522401ab3d63509)), closes [#3075](https://github.com/bitnami/charts/issues/3075) +* Add common helpers to check secrets when upgrade (#3150) ([5a5807c](https://github.com/bitnami/charts/commit/5a5807c1b1db1f2337f6aa5308d3ff73a4329e6a)), closes [#3150](https://github.com/bitnami/charts/issues/3150) + +## 0.3.1 (2020-06-05) + +* [bitnami/several] Fix table rendering in some hubs (#2770) ([fe9fd8c](https://github.com/bitnami/charts/commit/fe9fd8c261195385aae73e165ac6c1a666fef08e)), closes [#2770](https://github.com/bitnami/charts/issues/2770) + +## 0.3.0 (2020-06-02) + +* [bitnami/common]: add template function for ingress apiVersion (#2732) ([a968a50](https://github.com/bitnami/charts/commit/a968a50916ed9fa6f823a5a3ef6e4b98d615322f)), closes [#2732](https://github.com/bitnami/charts/issues/2732) + +## 0.2.4 (2020-05-29) + +* [bitnami/common] Bump chart version (#2707) ([ff2c37a](https://github.com/bitnami/charts/commit/ff2c37a576191f4523c7f69504aea669ab68aba8)), closes [#2707](https://github.com/bitnami/charts/issues/2707) +* [bitnami/several] Fix trailing spaces to make helm lint work on all of them (#2705) ([bafba3f](https://github.com/bitnami/charts/commit/bafba3fc8b8949897ad2d99d437bd8fc975223e4)), closes [#2705](https://github.com/bitnami/charts/issues/2705) + +## 0.2.3 (2020-05-26) + +* fix(common): add name attribute to imagePullSecrets helper (#2664) ([1ea21a9](https://github.com/bitnami/charts/commit/1ea21a92a8f44bd0d82d0fd4ed30108a89cf5b34)), closes [#2664](https://github.com/bitnami/charts/issues/2664) + +## 0.2.2 (2020-05-19) + +* update bitnami/common to be compatible with helm v2.12+ (#2615) ([c7751eb](https://github.com/bitnami/charts/commit/c7751eb5764e468e1854b58a1b8491d2b13e0a4a)), closes [#2615](https://github.com/bitnami/charts/issues/2615) + +## 0.2.1 (2020-05-13) + +* bump bitnami/common version number (#2580) ([1bd1e7b](https://github.com/bitnami/charts/commit/1bd1e7bc776614b6ae10f21e9c8b23fe15db5ff4)), closes [#2580](https://github.com/bitnami/charts/issues/2580) + +## 0.2.0 (2020-04-17) + +* [bitnami/common] add secrets and warnings helpers (#2347) ([a748ff8](https://github.com/bitnami/charts/commit/a748ff82259d6553a0d4ca56ca6d7d050de859f4)), closes [#2347](https://github.com/bitnami/charts/issues/2347) + +## 0.1.1 (2020-04-08) + +* [bitnami/common] bitnami common add values yaml (#2267) ([a88c902](https://github.com/bitnami/charts/commit/a88c90212021771eacc562dd38c04381e2f63d6f)), closes [#2267](https://github.com/bitnami/charts/issues/2267) + +## 0.1.0 (2020-04-03) + +* [bitnami/common]: add initial functions (#2188) ([9401e13](https://github.com/bitnami/charts/commit/9401e13316992c36b0e33de75d5f249645a2924e)), closes [#2188](https://github.com/bitnami/charts/issues/2188) diff --git a/charts/thanos/charts/common/Chart.yaml b/charts/thanos/charts/common/Chart.yaml new file mode 100644 index 0000000000..08b7b07125 --- /dev/null +++ b/charts/thanos/charts/common/Chart.yaml @@ -0,0 +1,26 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +annotations: + category: Infrastructure + licenses: Apache-2.0 +apiVersion: v2 +# Please make sure that version and appVersion are always the same. +appVersion: 2.20.5 +description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. +home: https://bitnami.com +icon: https://bitnami.com/downloads/logos/bitnami-mark.png +keywords: + - common + - helper + - template + - function + - bitnami +maintainers: + - name: Broadcom, Inc. All Rights Reserved. + url: https://github.com/bitnami/charts +name: common +sources: + - https://github.com/bitnami/charts/tree/main/bitnami/common +type: library +version: 2.20.5 diff --git a/charts/thanos/charts/common/README.md b/charts/thanos/charts/common/README.md new file mode 100644 index 0000000000..fee26c9914 --- /dev/null +++ b/charts/thanos/charts/common/README.md @@ -0,0 +1,235 @@ +# Bitnami Common Library Chart + +A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between Bitnami charts. + +## TL;DR + +```yaml +dependencies: + - name: common + version: 2.x.x + repository: oci://registry-1.docker.io/bitnamicharts +``` + +```console +helm dependency update +``` + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }} +data: + myvalue: "Hello World" +``` + +Looking to use our applications in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog. + +## Introduction + +This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. + +## Prerequisites + +- Kubernetes 1.23+ +- Helm 3.8.0+ + +## Parameters + +## Special input schemas + +### ImageRoot + +```yaml +registry: + type: string + description: Docker registry where the image is located + example: docker.io + +repository: + type: string + description: Repository and image name + example: bitnami/nginx + +tag: + type: string + description: image tag + example: 1.16.1-debian-10-r63 + +pullPolicy: + type: string + description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + +pullSecrets: + type: array + items: + type: string + description: Optionally specify an array of imagePullSecrets (evaluated as templates). + +debug: + type: boolean + description: Set to true if you would like to see extra information on logs + example: false + +## An instance would be: +# registry: docker.io +# repository: bitnami/nginx +# tag: 1.16.1-debian-10-r63 +# pullPolicy: IfNotPresent +# debug: false +``` + +### Persistence + +```yaml +enabled: + type: boolean + description: Whether enable persistence. + example: true + +storageClass: + type: string + description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. + example: "-" + +accessMode: + type: string + description: Access mode for the Persistent Volume Storage. + example: ReadWriteOnce + +size: + type: string + description: Size the Persistent Volume Storage. + example: 8Gi + +path: + type: string + description: Path to be persisted. + example: /bitnami + +## An instance would be: +# enabled: true +# storageClass: "-" +# accessMode: ReadWriteOnce +# size: 8Gi +# path: /bitnami +``` + +### ExistingSecret + +```yaml +name: + type: string + description: Name of the existing secret. + example: mySecret +keyMapping: + description: Mapping between the expected key name and the name of the key in the existing secret. + type: object + +## An instance would be: +# name: mySecret +# keyMapping: +# password: myPasswordKey +``` + +#### Example of use + +When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets. + +```yaml +# templates/secret.yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + labels: + app: {{ include "common.names.fullname" . }} +type: Opaque +data: + password: {{ .Values.password | b64enc | quote }} + +# templates/dpl.yaml +--- +... + env: + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} +... + +# values.yaml +--- +name: mySecret +keyMapping: + password: myPasswordKey +``` + +### ValidateValue + +#### NOTES.txt + +```console +{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} + +{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} +``` + +If we force those values to be empty we will see some alerts + +```console +helm install test mychart --set path.to.value00="",path.to.value01="" + 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: + + export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 -d) + + 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: + + export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 -d) +``` + +## Upgrading + +### To 1.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +#### What changes were introduced in this major version? + +- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. +- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. +- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts + +#### Considerations when upgrading to this version + +- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues +- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore +- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 + +#### Useful links + +- +- +- + +## License + +Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/charts/thanos/charts/common/templates/_affinities.tpl b/charts/thanos/charts/common/templates/_affinities.tpl new file mode 100644 index 0000000000..c2d290792e --- /dev/null +++ b/charts/thanos/charts/common/templates/_affinities.tpl @@ -0,0 +1,139 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Return a soft nodeAffinity definition +{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.soft" -}} +preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . | quote }} + {{- end }} + weight: 1 +{{- end -}} + +{{/* +Return a hard nodeAffinity definition +{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.hard" -}} +requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . | quote }} + {{- end }} +{{- end -}} + +{{/* +Return a nodeAffinity definition +{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.nodes.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.nodes.hard" . -}} + {{- end -}} +{{- end -}} + +{{/* +Return a topologyKey definition +{{ include "common.affinities.topologyKey" (dict "topologyKey" "BAR") -}} +*/}} +{{- define "common.affinities.topologyKey" -}} +{{ .topologyKey | default "kubernetes.io/hostname" -}} +{{- end -}} + +{{/* +Return a soft podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}} +*/}} +{{- define "common.affinities.pods.soft" -}} +{{- $component := default "" .component -}} +{{- $customLabels := default (dict) .customLabels -}} +{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} +preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 10 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := $extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} + weight: 1 + {{- range $extraPodAffinityTerms }} + - podAffinityTerm: + labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 10 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := .extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} + weight: {{ .weight | default 1 -}} + {{- end -}} +{{- end -}} + +{{/* +Return a hard podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}} +*/}} +{{- define "common.affinities.pods.hard" -}} +{{- $component := default "" .component -}} +{{- $customLabels := default (dict) .customLabels -}} +{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} +requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 8 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := $extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} + {{- range $extraPodAffinityTerms }} + - labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 8 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := .extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} + {{- end -}} +{{- end -}} + +{{/* +Return a podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.pods" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.pods.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.pods.hard" . -}} + {{- end -}} +{{- end -}} diff --git a/charts/thanos/charts/common/templates/_capabilities.tpl b/charts/thanos/charts/common/templates/_capabilities.tpl new file mode 100644 index 0000000000..2fe81d32d1 --- /dev/null +++ b/charts/thanos/charts/common/templates/_capabilities.tpl @@ -0,0 +1,229 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Return the target Kubernetes version +*/}} +{{- define "common.capabilities.kubeVersion" -}} +{{- default (default .Capabilities.KubeVersion.Version .Values.kubeVersion) ((.Values.global).kubeVersion) -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for poddisruptionbudget. +*/}} +{{- define "common.capabilities.policy.apiVersion" -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.21-0" $kubeVersion) -}} +{{- print "policy/v1beta1" -}} +{{- else -}} +{{- print "policy/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for networkpolicy. +*/}} +{{- define "common.capabilities.networkPolicy.apiVersion" -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.7-0" $kubeVersion) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for cronjob. +*/}} +{{- define "common.capabilities.cronjob.apiVersion" -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.21-0" $kubeVersion) -}} +{{- print "batch/v1beta1" -}} +{{- else -}} +{{- print "batch/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for daemonset. +*/}} +{{- define "common.capabilities.daemonset.apiVersion" -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for deployment. +*/}} +{{- define "common.capabilities.deployment.apiVersion" -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for statefulset. +*/}} +{{- define "common.capabilities.statefulset.apiVersion" -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}} +{{- print "apps/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for ingress. +*/}} +{{- define "common.capabilities.ingress.apiVersion" -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if (.Values.ingress).apiVersion -}} +{{- .Values.ingress.apiVersion -}} +{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.14-0" $kubeVersion) -}} +{{- print "extensions/v1beta1" -}} +{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.19-0" $kubeVersion) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end }} +{{- end -}} + +{{/* +Return the appropriate apiVersion for RBAC resources. +*/}} +{{- define "common.capabilities.rbac.apiVersion" -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.17-0" $kubeVersion) -}} +{{- print "rbac.authorization.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "rbac.authorization.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for CRDs. +*/}} +{{- define "common.capabilities.crd.apiVersion" -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.19-0" $kubeVersion) -}} +{{- print "apiextensions.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiextensions.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for APIService. +*/}} +{{- define "common.capabilities.apiService.apiVersion" -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.10-0" $kubeVersion) -}} +{{- print "apiregistration.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiregistration.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for Horizontal Pod Autoscaler. +*/}} +{{- define "common.capabilities.hpa.apiVersion" -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" .context -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.23-0" $kubeVersion) -}} +{{- if .beta2 -}} +{{- print "autoscaling/v2beta2" -}} +{{- else -}} +{{- print "autoscaling/v2beta1" -}} +{{- end -}} +{{- else -}} +{{- print "autoscaling/v2" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for Vertical Pod Autoscaler. +*/}} +{{- define "common.capabilities.vpa.apiVersion" -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" .context -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.23-0" $kubeVersion) -}} +{{- if .beta2 -}} +{{- print "autoscaling/v2beta2" -}} +{{- else -}} +{{- print "autoscaling/v2beta1" -}} +{{- end -}} +{{- else -}} +{{- print "autoscaling/v2" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if PodSecurityPolicy is supported +*/}} +{{- define "common.capabilities.psp.supported" -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if or (empty $kubeVersion) (semverCompare "<1.25-0" $kubeVersion) -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if AdmissionConfiguration is supported +*/}} +{{- define "common.capabilities.admissionConfiguration.supported" -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if or (empty $kubeVersion) (not (semverCompare "<1.23-0" $kubeVersion)) -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for AdmissionConfiguration. +*/}} +{{- define "common.capabilities.admissionConfiguration.apiVersion" -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.23-0" $kubeVersion) -}} +{{- print "apiserver.config.k8s.io/v1alpha1" -}} +{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.25-0" $kubeVersion) -}} +{{- print "apiserver.config.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiserver.config.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for PodSecurityConfiguration. +*/}} +{{- define "common.capabilities.podSecurityConfiguration.apiVersion" -}} +{{- $kubeVersion := include "common.capabilities.kubeVersion" . -}} +{{- if and (not (empty $kubeVersion)) (semverCompare "<1.23-0" $kubeVersion) -}} +{{- print "pod-security.admission.config.k8s.io/v1alpha1" -}} +{{- else if and (not (empty $kubeVersion)) (semverCompare "<1.25-0" $kubeVersion) -}} +{{- print "pod-security.admission.config.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "pod-security.admission.config.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if the used Helm version is 3.3+. +A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. +This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. +**To be removed when the catalog's minimun Helm version is 3.3** +*/}} +{{- define "common.capabilities.supportsHelmVersion" -}} +{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/charts/thanos/charts/common/templates/_compatibility.tpl b/charts/thanos/charts/common/templates/_compatibility.tpl new file mode 100644 index 0000000000..eb4061d7d0 --- /dev/null +++ b/charts/thanos/charts/common/templates/_compatibility.tpl @@ -0,0 +1,42 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Return true if the detected platform is Openshift +Usage: +{{- include "common.compatibility.isOpenshift" . -}} +*/}} +{{- define "common.compatibility.isOpenshift" -}} +{{- if .Capabilities.APIVersions.Has "security.openshift.io/v1" -}} +{{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Render a compatible securityContext depending on the platform. By default it is maintained as it is. In other platforms like Openshift we remove default user/group values that do not work out of the box with the restricted-v1 SCC +Usage: +{{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) -}} +*/}} +{{- define "common.compatibility.renderSecurityContext" -}} +{{- $adaptedContext := .secContext -}} + +{{- if (((.context.Values.global).compatibility).openshift) -}} + {{- if or (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "force") (and (eq .context.Values.global.compatibility.openshift.adaptSecurityContext "auto") (include "common.compatibility.isOpenshift" .context)) -}} + {{/* Remove incompatible user/group values that do not work in Openshift out of the box */}} + {{- $adaptedContext = omit $adaptedContext "fsGroup" "runAsUser" "runAsGroup" -}} + {{- if not .secContext.seLinuxOptions -}} + {{/* If it is an empty object, we remove it from the resulting context because it causes validation issues */}} + {{- $adaptedContext = omit $adaptedContext "seLinuxOptions" -}} + {{- end -}} + {{- end -}} +{{- end -}} +{{/* Remove fields that are disregarded when running the container in privileged mode */}} +{{- if $adaptedContext.privileged -}} + {{- $adaptedContext = omit $adaptedContext "capabilities" "seLinuxOptions" -}} +{{- end -}} +{{- omit $adaptedContext "enabled" | toYaml -}} +{{- end -}} diff --git a/charts/thanos/charts/common/templates/_errors.tpl b/charts/thanos/charts/common/templates/_errors.tpl new file mode 100644 index 0000000000..e965365193 --- /dev/null +++ b/charts/thanos/charts/common/templates/_errors.tpl @@ -0,0 +1,28 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Through error when upgrading using empty passwords values that must not be empty. + +Usage: +{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} +{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} +{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} + +Required password params: + - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. + - context - Context - Required. Parent context. +*/}} +{{- define "common.errors.upgrade.passwords.empty" -}} + {{- $validationErrors := join "" .validationErrors -}} + {{- if and $validationErrors .context.Release.IsUpgrade -}} + {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}} + {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}} + {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}} + {{- $errorString = print $errorString "\n%s" -}} + {{- printf $errorString $validationErrors | fail -}} + {{- end -}} +{{- end -}} diff --git a/charts/thanos/charts/common/templates/_images.tpl b/charts/thanos/charts/common/templates/_images.tpl new file mode 100644 index 0000000000..6821b1ce20 --- /dev/null +++ b/charts/thanos/charts/common/templates/_images.tpl @@ -0,0 +1,109 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper image name +{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global ) }} +*/}} +{{- define "common.images.image" -}} +{{- $registryName := default .imageRoot.registry ((.global).imageRegistry) -}} +{{- $repositoryName := .imageRoot.repository -}} +{{- $separator := ":" -}} +{{- $termination := .imageRoot.tag | toString -}} + +{{- if .imageRoot.digest }} + {{- $separator = "@" -}} + {{- $termination = .imageRoot.digest | toString -}} +{{- end -}} +{{- if $registryName }} + {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}} +{{- else -}} + {{- printf "%s%s%s" $repositoryName $separator $termination -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) +{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} +*/}} +{{- define "common.images.pullSecrets" -}} + {{- $pullSecrets := list }} + + {{- range ((.global).imagePullSecrets) -}} + {{- if kindIs "map" . -}} + {{- $pullSecrets = append $pullSecrets .name -}} + {{- else -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end }} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- if kindIs "map" . -}} + {{- $pullSecrets = append $pullSecrets .name -}} + {{- else -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) -}} +imagePullSecrets: + {{- range $pullSecrets | uniq }} + - name: {{ . }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names evaluating values as templates +{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} +*/}} +{{- define "common.images.renderPullSecrets" -}} + {{- $pullSecrets := list }} + {{- $context := .context }} + + {{- range (($context.Values.global).imagePullSecrets) -}} + {{- if kindIs "map" . -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" .name "context" $context)) -}} + {{- else -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- end -}} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- if kindIs "map" . -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" .name "context" $context)) -}} + {{- else -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) -}} +imagePullSecrets: + {{- range $pullSecrets | uniq }} + - name: {{ . }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Return the proper image version (ingores image revision/prerelease info & fallbacks to chart appVersion) +{{ include "common.images.version" ( dict "imageRoot" .Values.path.to.the.image "chart" .Chart ) }} +*/}} +{{- define "common.images.version" -}} +{{- $imageTag := .imageRoot.tag | toString -}} +{{/* regexp from https://github.com/Masterminds/semver/blob/23f51de38a0866c5ef0bfc42b3f735c73107b700/version.go#L41-L44 */}} +{{- if regexMatch `^([0-9]+)(\.[0-9]+)?(\.[0-9]+)?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?$` $imageTag -}} + {{- $version := semver $imageTag -}} + {{- printf "%d.%d.%d" $version.Major $version.Minor $version.Patch -}} +{{- else -}} + {{- print .chart.AppVersion -}} +{{- end -}} +{{- end -}} + diff --git a/charts/thanos/charts/common/templates/_ingress.tpl b/charts/thanos/charts/common/templates/_ingress.tpl new file mode 100644 index 0000000000..7d2b87985c --- /dev/null +++ b/charts/thanos/charts/common/templates/_ingress.tpl @@ -0,0 +1,73 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Generate backend entry that is compatible with all Kubernetes API versions. + +Usage: +{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }} + +Params: + - serviceName - String. Name of an existing service backend + - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.ingress.backend" -}} +{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}} +{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} +serviceName: {{ .serviceName }} +servicePort: {{ .servicePort }} +{{- else -}} +service: + name: {{ .serviceName }} + port: + {{- if typeIs "string" .servicePort }} + name: {{ .servicePort }} + {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }} + number: {{ .servicePort | int }} + {{- end }} +{{- end -}} +{{- end -}} + +{{/* +Print "true" if the API pathType field is supported +Usage: +{{ include "common.ingress.supportsPathType" . }} +*/}} +{{- define "common.ingress.supportsPathType" -}} +{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}} +{{- print "false" -}} +{{- else -}} +{{- print "true" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if the ingressClassname field is supported +Usage: +{{ include "common.ingress.supportsIngressClassname" . }} +*/}} +{{- define "common.ingress.supportsIngressClassname" -}} +{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "false" -}} +{{- else -}} +{{- print "true" -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if cert-manager required annotations for TLS signed +certificates are set in the Ingress annotations +Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations +Usage: +{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }} +*/}} +{{- define "common.ingress.certManagerRequest" -}} +{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") (hasKey .annotations "kubernetes.io/tls-acme") }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/charts/thanos/charts/common/templates/_labels.tpl b/charts/thanos/charts/common/templates/_labels.tpl new file mode 100644 index 0000000000..0a0cc5488f --- /dev/null +++ b/charts/thanos/charts/common/templates/_labels.tpl @@ -0,0 +1,46 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Kubernetes standard labels +{{ include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) -}} +*/}} +{{- define "common.labels.standard" -}} +{{- if and (hasKey . "customLabels") (hasKey . "context") -}} +{{- $default := dict "app.kubernetes.io/name" (include "common.names.name" .context) "helm.sh/chart" (include "common.names.chart" .context) "app.kubernetes.io/instance" .context.Release.Name "app.kubernetes.io/managed-by" .context.Release.Service -}} +{{- with .context.Chart.AppVersion -}} +{{- $_ := set $default "app.kubernetes.io/version" . -}} +{{- end -}} +{{ template "common.tplvalues.merge" (dict "values" (list .customLabels $default) "context" .context) }} +{{- else -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +helm.sh/chart: {{ include "common.names.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- with .Chart.AppVersion }} +app.kubernetes.io/version: {{ . | quote }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Labels used on immutable fields such as deploy.spec.selector.matchLabels or svc.spec.selector +{{ include "common.labels.matchLabels" (dict "customLabels" .Values.podLabels "context" $) -}} + +We don't want to loop over custom labels appending them to the selector +since it's very likely that it will break deployments, services, etc. +However, it's important to overwrite the standard labels if the user +overwrote them on metadata.labels fields. +*/}} +{{- define "common.labels.matchLabels" -}} +{{- if and (hasKey . "customLabels") (hasKey . "context") -}} +{{ merge (pick (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) "app.kubernetes.io/name" "app.kubernetes.io/instance") (dict "app.kubernetes.io/name" (include "common.names.name" .context) "app.kubernetes.io/instance" .context.Release.Name ) | toYaml }} +{{- else -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} +{{- end -}} diff --git a/charts/thanos/charts/common/templates/_names.tpl b/charts/thanos/charts/common/templates/_names.tpl new file mode 100644 index 0000000000..ba83956852 --- /dev/null +++ b/charts/thanos/charts/common/templates/_names.tpl @@ -0,0 +1,71 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "common.names.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "common.names.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "common.names.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified dependency name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +Usage: +{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }} +*/}} +{{- define "common.names.dependency.fullname" -}} +{{- if .chartValues.fullnameOverride -}} +{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .chartName .chartValues.nameOverride -}} +{{- if contains $name .context.Release.Name -}} +{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts. +*/}} +{{- define "common.names.namespace" -}} +{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a fully qualified app name adding the installation's namespace. +*/}} +{{- define "common.names.fullname.namespace" -}} +{{- printf "%s-%s" (include "common.names.fullname" .) (include "common.names.namespace" .) | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/charts/thanos/charts/common/templates/_resources.tpl b/charts/thanos/charts/common/templates/_resources.tpl new file mode 100644 index 0000000000..d8a43e1c2d --- /dev/null +++ b/charts/thanos/charts/common/templates/_resources.tpl @@ -0,0 +1,50 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Return a resource request/limit object based on a given preset. +These presets are for basic testing and not meant to be used in production +{{ include "common.resources.preset" (dict "type" "nano") -}} +*/}} +{{- define "common.resources.preset" -}} +{{/* The limits are the requests increased by 50% (except ephemeral-storage and xlarge/2xlarge sizes)*/}} +{{- $presets := dict + "nano" (dict + "requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi") + "limits" (dict "cpu" "150m" "memory" "192Mi" "ephemeral-storage" "2Gi") + ) + "micro" (dict + "requests" (dict "cpu" "250m" "memory" "256Mi" "ephemeral-storage" "50Mi") + "limits" (dict "cpu" "375m" "memory" "384Mi" "ephemeral-storage" "2Gi") + ) + "small" (dict + "requests" (dict "cpu" "500m" "memory" "512Mi" "ephemeral-storage" "50Mi") + "limits" (dict "cpu" "750m" "memory" "768Mi" "ephemeral-storage" "2Gi") + ) + "medium" (dict + "requests" (dict "cpu" "500m" "memory" "1024Mi" "ephemeral-storage" "50Mi") + "limits" (dict "cpu" "750m" "memory" "1536Mi" "ephemeral-storage" "2Gi") + ) + "large" (dict + "requests" (dict "cpu" "1.0" "memory" "2048Mi" "ephemeral-storage" "50Mi") + "limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "2Gi") + ) + "xlarge" (dict + "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi") + "limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "2Gi") + ) + "2xlarge" (dict + "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi") + "limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "2Gi") + ) + }} +{{- if hasKey $presets .type -}} +{{- index $presets .type | toYaml -}} +{{- else -}} +{{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" .type (join "," (keys $presets)) | fail -}} +{{- end -}} +{{- end -}} diff --git a/charts/thanos/charts/common/templates/_secrets.tpl b/charts/thanos/charts/common/templates/_secrets.tpl new file mode 100644 index 0000000000..e87575a88d --- /dev/null +++ b/charts/thanos/charts/common/templates/_secrets.tpl @@ -0,0 +1,182 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Generate secret name. + +Usage: +{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret + - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.secrets.name" -}} +{{- $name := (include "common.names.fullname" .context) -}} + +{{- if .defaultNameSuffix -}} +{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- with .existingSecret -}} +{{- if not (typeIs "string" .) -}} +{{- with .name -}} +{{- $name = . -}} +{{- end -}} +{{- else -}} +{{- $name = . -}} +{{- end -}} +{{- end -}} + +{{- printf "%s" $name -}} +{{- end -}} + +{{/* +Generate secret key. + +Usage: +{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret + - key - String - Required. Name of the key in the secret. +*/}} +{{- define "common.secrets.key" -}} +{{- $key := .key -}} + +{{- if .existingSecret -}} + {{- if not (typeIs "string" .existingSecret) -}} + {{- if .existingSecret.keyMapping -}} + {{- $key = index .existingSecret.keyMapping $.key -}} + {{- end -}} + {{- end }} +{{- end -}} + +{{- printf "%s" $key -}} +{{- end -}} + +{{/* +Generate secret password or retrieve one if already created. + +Usage: +{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - key - String - Required - Name of the key in the secret. + - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. + - length - int - Optional - Length of the generated random password. + - strong - Boolean - Optional - Whether to add symbols to the generated random password. + - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. + - context - Context - Required - Parent context. + - failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets. + - skipB64enc - Boolean - Optional - Default to false. If set to true, no the secret will not be base64 encrypted. + - skipQuote - Boolean - Optional - Default to false. If set to true, no quotes will be added around the secret. +The order in which this function returns a secret password: + 1. Already existing 'Secret' resource + (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned) + 2. Password provided via the values.yaml + (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned) + 3. Randomly generated secret password + (A new random secret password with the length specified in the 'length' parameter will be generated and returned) + +*/}} +{{- define "common.secrets.passwords.manage" -}} + +{{- $password := "" }} +{{- $subchart := "" }} +{{- $chartName := default "" .chartName }} +{{- $passwordLength := default 10 .length }} +{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} +{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} +{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data }} +{{- if $secretData }} + {{- if hasKey $secretData .key }} + {{- $password = index $secretData .key | b64dec }} + {{- else if not (eq .failOnNew false) }} + {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}} + {{- else if $providedPasswordValue }} + {{- $password = $providedPasswordValue | toString }} + {{- end -}} +{{- else if $providedPasswordValue }} + {{- $password = $providedPasswordValue | toString }} +{{- else }} + + {{- if .context.Values.enabled }} + {{- $subchart = $chartName }} + {{- end -}} + + {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} + {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} + {{- $passwordValidationErrors := list $requiredPasswordError -}} + {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} + + {{- if .strong }} + {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} + {{- $password = randAscii $passwordLength }} + {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} + {{- $password = printf "%s%s" $subStr $password | toString | shuffle }} + {{- else }} + {{- $password = randAlphaNum $passwordLength }} + {{- end }} +{{- end -}} +{{- if not .skipB64enc }} +{{- $password = $password | b64enc }} +{{- end -}} +{{- if .skipQuote -}} +{{- printf "%s" $password -}} +{{- else -}} +{{- printf "%s" $password | quote -}} +{{- end -}} +{{- end -}} + +{{/* +Reuses the value from an existing secret, otherwise sets its value to a default value. + +Usage: +{{ include "common.secrets.lookup" (dict "secret" "secret-name" "key" "keyName" "defaultValue" .Values.myValue "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - key - String - Required - Name of the key in the secret. + - defaultValue - String - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. + - context - Context - Required - Parent context. + +*/}} +{{- define "common.secrets.lookup" -}} +{{- $value := "" -}} +{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data -}} +{{- if and $secretData (hasKey $secretData .key) -}} + {{- $value = index $secretData .key -}} +{{- else if .defaultValue -}} + {{- $value = .defaultValue | toString | b64enc -}} +{{- end -}} +{{- if $value -}} +{{- printf "%s" $value -}} +{{- end -}} +{{- end -}} + +{{/* +Returns whether a previous generated secret already exists + +Usage: +{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - context - Context - Required - Parent context. +*/}} +{{- define "common.secrets.exists" -}} +{{- $secret := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret) }} +{{- if $secret }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/charts/thanos/charts/common/templates/_storage.tpl b/charts/thanos/charts/common/templates/_storage.tpl new file mode 100644 index 0000000000..aa75856c07 --- /dev/null +++ b/charts/thanos/charts/common/templates/_storage.tpl @@ -0,0 +1,21 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Return the proper Storage Class +{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} +*/}} +{{- define "common.storage.class" -}} +{{- $storageClass := (.global).storageClass | default .persistence.storageClass | default (.global).defaultStorageClass | default "" -}} +{{- if $storageClass -}} + {{- if (eq "-" $storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else -}} + {{- printf "storageClassName: %s" $storageClass -}} + {{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/thanos/charts/common/templates/_tplvalues.tpl b/charts/thanos/charts/common/templates/_tplvalues.tpl new file mode 100644 index 0000000000..c84d72c803 --- /dev/null +++ b/charts/thanos/charts/common/templates/_tplvalues.tpl @@ -0,0 +1,38 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Renders a value that contains template perhaps with scope if the scope is present. +Usage: +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ ) }} +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }} +*/}} +{{- define "common.tplvalues.render" -}} +{{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }} +{{- if contains "{{" (toJson .value) }} + {{- if .scope }} + {{- tpl (cat "{{- with $.RelativeScope -}}" $value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }} + {{- else }} + {{- tpl $value .context }} + {{- end }} +{{- else }} + {{- $value }} +{{- end }} +{{- end -}} + +{{/* +Merge a list of values that contains template after rendering them. +Merge precedence is consistent with http://masterminds.github.io/sprig/dicts.html#merge-mustmerge +Usage: +{{ include "common.tplvalues.merge" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }} +*/}} +{{- define "common.tplvalues.merge" -}} +{{- $dst := dict -}} +{{- range .values -}} +{{- $dst = include "common.tplvalues.render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | merge $dst -}} +{{- end -}} +{{ $dst | toYaml }} +{{- end -}} diff --git a/charts/thanos/charts/common/templates/_utils.tpl b/charts/thanos/charts/common/templates/_utils.tpl new file mode 100644 index 0000000000..d53c74aa2e --- /dev/null +++ b/charts/thanos/charts/common/templates/_utils.tpl @@ -0,0 +1,77 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Print instructions to get a secret value. +Usage: +{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} +*/}} +{{- define "common.utils.secret.getvalue" -}} +{{- $varname := include "common.utils.fieldToEnvVar" . -}} +export {{ $varname }}=$(kubectl get secret --namespace {{ include "common.names.namespace" .context | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 -d) +{{- end -}} + +{{/* +Build env var name given a field +Usage: +{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} +*/}} +{{- define "common.utils.fieldToEnvVar" -}} + {{- $fieldNameSplit := splitList "-" .field -}} + {{- $upperCaseFieldNameSplit := list -}} + + {{- range $fieldNameSplit -}} + {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} + {{- end -}} + + {{ join "_" $upperCaseFieldNameSplit }} +{{- end -}} + +{{/* +Gets a value from .Values given +Usage: +{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }} +*/}} +{{- define "common.utils.getValueFromKey" -}} +{{- $splitKey := splitList "." .key -}} +{{- $value := "" -}} +{{- $latestObj := $.context.Values -}} +{{- range $splitKey -}} + {{- if not $latestObj -}} + {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}} + {{- end -}} + {{- $value = ( index $latestObj . ) -}} + {{- $latestObj = $value -}} +{{- end -}} +{{- printf "%v" (default "" $value) -}} +{{- end -}} + +{{/* +Returns first .Values key with a defined value or first of the list if all non-defined +Usage: +{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }} +*/}} +{{- define "common.utils.getKeyFromList" -}} +{{- $key := first .keys -}} +{{- $reverseKeys := reverse .keys }} +{{- range $reverseKeys }} + {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }} + {{- if $value -}} + {{- $key = . }} + {{- end -}} +{{- end -}} +{{- printf "%s" $key -}} +{{- end -}} + +{{/* +Checksum a template at "path" containing a *single* resource (ConfigMap,Secret) for use in pod annotations, excluding the metadata (see #18376). +Usage: +{{ include "common.utils.checksumTemplate" (dict "path" "/configmap.yaml" "context" $) }} +*/}} +{{- define "common.utils.checksumTemplate" -}} +{{- $obj := include (print .context.Template.BasePath .path) .context | fromYaml -}} +{{ omit $obj "apiVersion" "kind" "metadata" | toYaml | sha256sum }} +{{- end -}} diff --git a/charts/thanos/charts/common/templates/_warnings.tpl b/charts/thanos/charts/common/templates/_warnings.tpl new file mode 100644 index 0000000000..e4dbecde25 --- /dev/null +++ b/charts/thanos/charts/common/templates/_warnings.tpl @@ -0,0 +1,109 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Warning about using rolling tag. +Usage: +{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} +*/}} +{{- define "common.warnings.rollingTag" -}} + +{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} +WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. ++info https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html +{{- end }} +{{- end -}} + +{{/* +Warning about replaced images from the original. +Usage: +{{ include "common.warnings.modifiedImages" (dict "images" (list .Values.path.to.the.imageRoot) "context" $) }} +*/}} +{{- define "common.warnings.modifiedImages" -}} +{{- $affectedImages := list -}} +{{- $printMessage := false -}} +{{- $originalImages := .context.Chart.Annotations.images -}} +{{- range .images -}} + {{- $fullImageName := printf (printf "%s/%s:%s" .registry .repository .tag) -}} + {{- if not (contains $fullImageName $originalImages) }} + {{- $affectedImages = append $affectedImages (printf "%s/%s:%s" .registry .repository .tag) -}} + {{- $printMessage = true -}} + {{- end -}} +{{- end -}} +{{- if $printMessage }} + +âš  SECURITY WARNING: Original containers have been substituted. This Helm chart was designed, tested, and validated on multiple platforms using a specific set of Bitnami and Tanzu Application Catalog containers. Substituting other containers is likely to cause degraded security and performance, broken chart features, and missing environment variables. + +Substituted images detected: +{{- range $affectedImages }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Warning about not setting the resource object in all deployments. +Usage: +{{ include "common.warnings.resources" (dict "sections" (list "path1" "path2") context $) }} +Example: +{{- include "common.warnings.resources" (dict "sections" (list "csiProvider.provider" "server" "volumePermissions" "") "context" $) }} +The list in the example assumes that the following values exist: + - csiProvider.provider.resources + - server.resources + - volumePermissions.resources + - resources +*/}} +{{- define "common.warnings.resources" -}} +{{- $values := .context.Values -}} +{{- $printMessage := false -}} +{{ $affectedSections := list -}} +{{- range .sections -}} + {{- if eq . "" -}} + {{/* Case where the resources section is at the root (one main deployment in the chart) */}} + {{- if not (index $values "resources") -}} + {{- $affectedSections = append $affectedSections "resources" -}} + {{- $printMessage = true -}} + {{- end -}} + {{- else -}} + {{/* Case where the are multiple resources sections (more than one main deployment in the chart) */}} + {{- $keys := split "." . -}} + {{/* We iterate through the different levels until arriving to the resource section. Example: a.b.c.resources */}} + {{- $section := $values -}} + {{- range $keys -}} + {{- $section = index $section . -}} + {{- end -}} + {{- if not (index $section "resources") -}} + {{/* If the section has enabled=false or replicaCount=0, do not include it */}} + {{- if and (hasKey $section "enabled") -}} + {{- if index $section "enabled" -}} + {{/* enabled=true */}} + {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}} + {{- $printMessage = true -}} + {{- end -}} + {{- else if and (hasKey $section "replicaCount") -}} + {{/* We need a casting to int because number 0 is not treated as an int by default */}} + {{- if (gt (index $section "replicaCount" | int) 0) -}} + {{/* replicaCount > 0 */}} + {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}} + {{- $printMessage = true -}} + {{- end -}} + {{- else -}} + {{/* Default case, add it to the affected sections */}} + {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}} + {{- $printMessage = true -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- end -}} +{{- if $printMessage }} + +WARNING: There are "resources" sections in the chart not set. Using "resourcesPreset" is not recommended for production. For production installations, please set the following values according to your workload needs: +{{- range $affectedSections }} + - {{ . }} +{{- end }} ++info https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +{{- end -}} +{{- end -}} diff --git a/charts/thanos/charts/common/templates/validations/_cassandra.tpl b/charts/thanos/charts/common/templates/validations/_cassandra.tpl new file mode 100644 index 0000000000..3f41ff8fc3 --- /dev/null +++ b/charts/thanos/charts/common/templates/validations/_cassandra.tpl @@ -0,0 +1,77 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Cassandra required passwords are not empty. + +Usage: +{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret" + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.cassandra.passwords" -}} + {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}} + {{- $enabled := include "common.cassandra.values.enabled" . -}} + {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}} + {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.cassandra.values.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.dbUser.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled cassandra. + +Usage: +{{ include "common.cassandra.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.cassandra.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.cassandra.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key dbUser + +Usage: +{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.key.dbUser" -}} + {{- if .subchart -}} + cassandra.dbUser + {{- else -}} + dbUser + {{- end -}} +{{- end -}} diff --git a/charts/thanos/charts/common/templates/validations/_mariadb.tpl b/charts/thanos/charts/common/templates/validations/_mariadb.tpl new file mode 100644 index 0000000000..6ea8c0f45b --- /dev/null +++ b/charts/thanos/charts/common/templates/validations/_mariadb.tpl @@ -0,0 +1,108 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MariaDB required passwords are not empty. + +Usage: +{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret" + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mariadb.passwords" -}} + {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mariadb.values.enabled" . -}} + {{- $architecture := include "common.mariadb.values.architecture" . -}} + {{- $authPrefix := include "common.mariadb.values.key.auth" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- if not (empty $valueUsername) -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replication") -}} + {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mariadb. + +Usage: +{{ include "common.mariadb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mariadb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mariadb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.key.auth" -}} + {{- if .subchart -}} + mariadb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} diff --git a/charts/thanos/charts/common/templates/validations/_mongodb.tpl b/charts/thanos/charts/common/templates/validations/_mongodb.tpl new file mode 100644 index 0000000000..d4cd38cbb3 --- /dev/null +++ b/charts/thanos/charts/common/templates/validations/_mongodb.tpl @@ -0,0 +1,113 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MongoDB® required passwords are not empty. + +Usage: +{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret" + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mongodb.passwords" -}} + {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mongodb.values.enabled" . -}} + {{- $authPrefix := include "common.mongodb.values.key.auth" . -}} + {{- $architecture := include "common.mongodb.values.architecture" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}} + {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}} + + {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }} + {{- if and $valueUsername $valueDatabase -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replicaset") -}} + {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mongodb. + +Usage: +{{ include "common.mongodb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mongodb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mongodb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.key.auth" -}} + {{- if .subchart -}} + mongodb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} diff --git a/charts/thanos/charts/common/templates/validations/_mysql.tpl b/charts/thanos/charts/common/templates/validations/_mysql.tpl new file mode 100644 index 0000000000..924812a931 --- /dev/null +++ b/charts/thanos/charts/common/templates/validations/_mysql.tpl @@ -0,0 +1,108 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MySQL required passwords are not empty. + +Usage: +{{ include "common.validations.values.mysql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MySQL values are stored, e.g: "mysql-passwords-secret" + - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mysql.passwords" -}} + {{- $existingSecret := include "common.mysql.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mysql.values.enabled" . -}} + {{- $architecture := include "common.mysql.values.architecture" . -}} + {{- $authPrefix := include "common.mysql.values.key.auth" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mysql-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- if not (empty $valueUsername) -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mysql-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replication") -}} + {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mysql-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mysql.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false +*/}} +{{- define "common.mysql.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mysql.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mysql. + +Usage: +{{ include "common.mysql.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mysql.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mysql.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mysql.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false +*/}} +{{- define "common.mysql.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mysql.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mysql.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false +*/}} +{{- define "common.mysql.values.key.auth" -}} + {{- if .subchart -}} + mysql.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} diff --git a/charts/thanos/charts/common/templates/validations/_postgresql.tpl b/charts/thanos/charts/common/templates/validations/_postgresql.tpl new file mode 100644 index 0000000000..0fa0b1467a --- /dev/null +++ b/charts/thanos/charts/common/templates/validations/_postgresql.tpl @@ -0,0 +1,134 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate PostgreSQL required passwords are not empty. + +Usage: +{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret" + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.postgresql.passwords" -}} + {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} + {{- $enabled := include "common.postgresql.values.enabled" . -}} + {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} + {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} + + {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} + {{- if (eq $enabledReplication "true") -}} + {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to decide whether evaluate global values. + +Usage: +{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} +Params: + - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" +*/}} +{{- define "common.postgresql.values.use.global" -}} + {{- if .context.Values.global -}} + {{- if .context.Values.global.postgresql -}} + {{- index .context.Values.global.postgresql .key | quote -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.existingSecret" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} + + {{- if .subchart -}} + {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} + {{- else -}} + {{- default (.context.Values.existingSecret | quote) $globalValue -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled postgresql. + +Usage: +{{ include "common.postgresql.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key postgressPassword. + +Usage: +{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.postgressPassword" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} + + {{- if not $globalValue -}} + {{- if .subchart -}} + postgresql.postgresqlPassword + {{- else -}} + postgresqlPassword + {{- end -}} + {{- else -}} + global.postgresql.postgresqlPassword + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled.replication. + +Usage: +{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.enabled.replication" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.replication.enabled -}} + {{- else -}} + {{- printf "%v" .context.Values.replication.enabled -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key replication.password. + +Usage: +{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.replicationPassword" -}} + {{- if .subchart -}} + postgresql.replication.password + {{- else -}} + replication.password + {{- end -}} +{{- end -}} diff --git a/charts/thanos/charts/common/templates/validations/_redis.tpl b/charts/thanos/charts/common/templates/validations/_redis.tpl new file mode 100644 index 0000000000..f4778256d1 --- /dev/null +++ b/charts/thanos/charts/common/templates/validations/_redis.tpl @@ -0,0 +1,81 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Redis® required passwords are not empty. + +Usage: +{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.redis.passwords" -}} + {{- $enabled := include "common.redis.values.enabled" . -}} + {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}} + {{- $standarizedVersion := include "common.redis.values.standarized.version" . }} + + {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }} + {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }} + + {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }} + {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}} + {{- if eq $useAuth "true" -}} + {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled redis. + +Usage: +{{ include "common.redis.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.redis.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.redis.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right prefix path for the values + +Usage: +{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.redis.values.keys.prefix" -}} + {{- if .subchart -}}redis.{{- else -}}{{- end -}} +{{- end -}} + +{{/* +Checks whether the redis chart's includes the standarizations (version >= 14) + +Usage: +{{ include "common.redis.values.standarized.version" (dict "context" $) }} +*/}} +{{- define "common.redis.values.standarized.version" -}} + + {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}} + {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }} + + {{- if $standarizedAuthValues -}} + {{- true -}} + {{- end -}} +{{- end -}} diff --git a/charts/thanos/charts/common/templates/validations/_validations.tpl b/charts/thanos/charts/common/templates/validations/_validations.tpl new file mode 100644 index 0000000000..7cdee61700 --- /dev/null +++ b/charts/thanos/charts/common/templates/validations/_validations.tpl @@ -0,0 +1,51 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate values must not be empty. + +Usage: +{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} +{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" +*/}} +{{- define "common.validations.values.multiple.empty" -}} + {{- range .required -}} + {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} + {{- end -}} +{{- end -}} + +{{/* +Validate a value must not be empty. + +Usage: +{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" + - subchart - String - Optional - Name of the subchart that the validated password is part of. +*/}} +{{- define "common.validations.values.single.empty" -}} + {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }} + {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }} + + {{- if not $value -}} + {{- $varname := "my-value" -}} + {{- $getCurrentValue := "" -}} + {{- if and .secret .field -}} + {{- $varname = include "common.utils.fieldToEnvVar" . -}} + {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} + {{- end -}} + {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}} + {{- end -}} +{{- end -}} diff --git a/charts/thanos/charts/common/values.yaml b/charts/thanos/charts/common/values.yaml new file mode 100644 index 0000000000..de2cac57d0 --- /dev/null +++ b/charts/thanos/charts/common/values.yaml @@ -0,0 +1,8 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +## bitnami/common +## It is required by CI/CD tools and processes. +## @skip exampleValue +## +exampleValue: common-chart diff --git a/charts/thanos/templates/NOTES.txt b/charts/thanos/templates/NOTES.txt new file mode 100644 index 0000000000..66f7128d75 --- /dev/null +++ b/charts/thanos/templates/NOTES.txt @@ -0,0 +1,80 @@ +CHART NAME: {{ .Chart.Name }} +CHART VERSION: {{ .Chart.Version }} +APP VERSION: {{ .Chart.AppVersion }} + +** Please be patient while the chart is being deployed ** + +Thanos chart was deployed enabling the following components: + +{{- if .Values.query.enabled }} +- Thanos Query +{{- end }} +{{- if .Values.bucketweb.enabled }} +- Thanos Bucket Web +{{- end }} +{{- if .Values.compactor.enabled }} +- Thanos Compactor +{{- end }} +{{- if .Values.ruler.enabled }} +- Thanos Ruler +{{- end }} +{{- if .Values.storegateway.enabled }} +- Thanos Store Gateway +{{- end }} + +{{- if .Values.query.enabled }} + +Thanos Query can be accessed through following DNS name from within your cluster: + + {{ include "thanos.query.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} (port {{ .Values.query.service.ports.http }}) + +To access Thanos Query from outside the cluster execute the following commands: + +{{- if .Values.query.ingress.enabled }} + +1. Get the Thanos Query URL and associate Thanos Query hostname to your cluster external IP: + + export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters + echo "Thanos Query URL: http{{ if .Values.query.ingress.tls }}s{{ end }}://{{ .Values.query.ingress.hostname }}/" + echo "$CLUSTER_IP {{ .Values.query.ingress.hostname }}" | sudo tee -a /etc/hosts + +{{- else }} + +1. Get the Thanos Query URL by running these commands: + +{{- if contains "NodePort" .Values.query.service.type }} + + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "thanos.query.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo "http://${NODE_IP}:${NODE_PORT}" + +{{- else if contains "LoadBalancer" .Values.query.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "thanos.query.fullname" . }}' + + export SERVICE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].port}" services {{ include "thanos.query.fullname" . }}) + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "thanos.query.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo "http://${SERVICE_IP}:${SERVICE_PORT}" + +{{- else if contains "ClusterIP" .Values.query.service.type }} + + export SERVICE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].port}" services {{ include "thanos.query.fullname" . }}) + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "thanos.query.fullname" . }} ${SERVICE_PORT}:${SERVICE_PORT} & + echo "http://127.0.0.1:${SERVICE_PORT}" + +{{- end }} +{{- end }} + +2. Open a browser and access Thanos Query using the obtained URL. + +{{- else }} + +WARNING: You deployed Thanos without enabling Thanos Query!! + +{{- end }} + +{{- include "thanos.validateValues" . }} +{{- include "thanos.checkRollingTags" . }} +{{- include "common.warnings.resources" (dict "sections" (list "bucketweb" "compactor" "query" "queryFrontend" "receive" "receiveDistributor" "ruler" "storegateway") "context" $) }} +{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image .Values.volumePermissions.image) "context" $) }} \ No newline at end of file diff --git a/charts/thanos/templates/_helpers.tpl b/charts/thanos/templates/_helpers.tpl new file mode 100644 index 0000000000..fd1524864b --- /dev/null +++ b/charts/thanos/templates/_helpers.tpl @@ -0,0 +1,642 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Fully qualified app name for PostgreSQL +*/}} +{{- define "thanos.minio.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- printf "%s-minio" .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- printf "%s-minio" .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s-minio" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper Thanos bucketweb fullname +*/}} +{{- define "thanos.bucketweb.fullname" -}} +{{- printf "%s-%s" (include "common.names.fullname" .) "bucketweb" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the proper Thanos compactor fullname +*/}} +{{- define "thanos.compactor.fullname" -}} +{{- printf "%s-%s" (include "common.names.fullname" .) "compactor" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the proper Thanos query-frontend fullname +*/}} +{{- define "thanos.query-frontend.fullname" -}} +{{- printf "%s-%s" (include "common.names.fullname" .) "query-frontend" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the proper Thanos query fullname +*/}} +{{- define "thanos.query.fullname" -}} +{{- printf "%s-%s" (include "common.names.fullname" .) "query" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the proper Thanos receive-distributor fullname +*/}} +{{- define "thanos.receive-distributor.fullname" -}} +{{- printf "%s-%s" (include "common.names.fullname" .) "receive-distributor" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the proper Thanos receive fullname +*/}} +{{- define "thanos.receive.fullname" -}} +{{- printf "%s-%s" (include "common.names.fullname" .) "receive" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the proper Thanos compactor fullname +*/}} +{{- define "thanos.ruler.fullname" -}} +{{- printf "%s-%s" (include "common.names.fullname" .) "ruler" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the proper Thanos storegateway fullname +*/}} +{{- define "thanos.storegateway.fullname" -}} +{{- printf "%s-%s" (include "common.names.fullname" .) "storegateway" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the proper Thanos image name +*/}} +{{- define "thanos.image" -}} +{{- include "common.images.image" ( dict "imageRoot" .Values.image "global" .Values.global ) -}} +{{- end -}} + +{{/* +Return the proper init container volume-permissions image name +*/}} +{{- define "thanos.volumePermissions.image" -}} +{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "thanos.imagePullSecrets" -}} +{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}} +{{- end -}} + +{{/* +Return the Thanos Objstore configuration secret. +*/}} +{{- define "thanos.objstoreSecretName" -}} +{{- if .Values.existingObjstoreSecret -}} + {{- printf "%s" (tpl .Values.existingObjstoreSecret $) -}} +{{- else -}} + {{- printf "%s-objstore-secret" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a secret object should be created +*/}} +{{- define "thanos.createObjstoreSecret" -}} +{{- if and .Values.objstoreConfig (not .Values.existingObjstoreSecret) }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Return the object store config +*/}} +{{- define "thanos.objstoreConfig" -}} +{{- if and .Values.objstoreConfig (not .Values.existingObjstoreSecret) }} +objstore.yml: |- + {{- include "common.tplvalues.render" (dict "value" .Values.objstoreConfig "context" $) | b64enc | nindent 2 }} +{{- end }} +{{- end -}} + +{{/* +Return the storegateway config +*/}} +{{- define "thanos.storegatewayConfigMap" -}} +{{- if .Values.storegateway.config }} +config.yml: |- + {{- include "common.tplvalues.render" (dict "value" .Values.storegateway.config "context" $) | nindent 2 }} +{{- end }} +{{- if .Values.indexCacheConfig }} +index-cache.yml: |- + {{- include "common.tplvalues.render" (dict "value" .Values.indexCacheConfig "context" $) | nindent 2 }} +{{- end }} +{{- if .Values.bucketCacheConfig }} +bucket-cache.yml: |- + {{- include "common.tplvalues.render" (dict "value" .Values.bucketCacheConfig "context" $) | nindent 2 }} +{{- end }} +{{- end -}} + +{{/* +Return the ruler config +*/}} +{{- define "thanos.rulerConfigMap" -}} +{{- if and .Values.ruler.config (not .Values.ruler.existingConfigmap) }} +ruler.yml: |- + {{- include "common.tplvalues.render" (dict "value" .Values.ruler.config "context" $) | nindent 2 }} +{{- end }} +{{- end -}} + +{{/* +Return the receive config +*/}} +{{- define "thanos.receiveConfigMap" -}} +hashrings.json: |- + {{- include "common.tplvalues.render" (dict "value" (include "thanos.receive.config" .) "context" .) | nindent 2 }} +{{- end -}} + +{{/* +Return the query config +*/}} +{{- define "thanos.querySDConfigMap" -}} +{{- if and .Values.query.sdConfig (not .Values.query.existingSDConfigmap) }} +servicediscovery.yml: |- + {{- include "common.tplvalues.render" (dict "value" .Values.query.sdConfig "context" $) | nindent 2 }} +{{- end }} +{{- end -}} + +{{/* +Return the query frontend config +*/}} +{{- define "thanos.queryFrontendConfigMap" -}} +{{- if and .Values.queryFrontend.config (not .Values.queryFrontend.existingConfigmap) }} +config.yml: |- + {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.config "context" $) | nindent 2 }} +{{- end }} +{{- end -}} + +{{/* +Return the Thanos HTTPS and basic auth configuration secret. +*/}} +{{- define "thanos.httpConfigEnabled" -}} +{{- if or .Values.existingHttpConfigSecret .Values.https.enabled .Values.auth.basicAuthUsers .Values.httpConfig }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return the Thanos HTTPS and basic auth configuration secret. +*/}} +{{- define "thanos.httpCertsSecretName" -}} +{{- if .Values.https.existingSecret -}} + {{- printf "%s" (tpl .Values.https.existingSecret $) -}} +{{- else -}} + {{- printf "%s-http-certs-secret" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return the Thanos HTTPS and basic auth configuration secret. +*/}} +{{- define "thanos.httpConfigSecretName" -}} +{{- if .Values.existingHttpConfigSecret -}} + {{- printf "%s" (tpl .Values.existingHttpConfigSecret $) -}} +{{- else -}} + {{- printf "%s-http-config-secret" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a secret object should be created +*/}} +{{- define "thanos.createHttpConfigSecret" -}} +{{- if and (not .Values.existingHttpConfigSecret) (or .Values.https.enabled .Values.auth.basicAuthUsers .Values.httpConfig) }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Return the Thanos Query Service Discovery configuration configmap. +*/}} +{{- define "thanos.query.SDConfigmapName" -}} +{{- if .Values.query.existingSDConfigmap -}} + {{- printf "%s" (tpl .Values.query.existingSDConfigmap $) -}} +{{- else -}} + {{- printf "%s-query-sd" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap object should be created +*/}} +{{- define "thanos.query.createSDConfigmap" -}} +{{- if and .Values.query.sdConfig (not .Values.query.existingSDConfigmap) }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Return the Thanos Ruler configuration configmap. +*/}} +{{- define "thanos.ruler.configmapName" -}} +{{- if .Values.ruler.existingConfigmap -}} + {{- printf "%s" (tpl .Values.ruler.existingConfigmap $) -}} +{{- else -}} + {{- printf "%s-ruler" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return the queryURL used by Thanos Ruler. +*/}} +{{- define "thanos.ruler.queryURL" -}} +{{- if and .Values.queryFrontend.enabled .Values.queryFrontend.ingress.enabled .Values.queryFrontend.ingress.hostname .Values.queryFrontend.ingress.overrideAlertQueryURL -}} + {{- printf "%s://%s" (ternary "https" "http" .Values.queryFrontend.ingress.tls) (tpl .Values.queryFrontend.ingress.hostname .) -}} +{{- else -}} +{{- if .Values.ruler.queryURL -}} + {{- printf "%s" (tpl .Values.ruler.queryURL $) -}} +{{- else -}} + {{- printf "http://%s-query.%s.svc.%s:%d" (include "common.names.fullname" . ) .Release.Namespace .Values.clusterDomain (int .Values.query.service.ports.http) -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap object should be created +*/}} +{{- define "thanos.ruler.createConfigmap" -}} +{{- if and .Values.ruler.config (not .Values.ruler.existingConfigmap) }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Return the Thanos storegateway configuration configmap. +*/}} +{{- define "thanos.storegateway.configmapName" -}} +{{- if .Values.storegateway.existingConfigmap -}} + {{- printf "%s" (tpl .Values.storegateway.existingConfigmap $) -}} +{{- else -}} + {{- printf "%s-storegateway" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return the Thanos Query Frontend configuration configmap. +*/}} +{{- define "thanos.queryFrontend.configmapName" -}} +{{- if .Values.queryFrontend.existingConfigmap -}} + {{- printf "%s" (tpl .Values.queryFrontend.existingConfigmap $) -}} +{{- else -}} + {{- printf "%s-query-frontend" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap object should be created +*/}} +{{- define "thanos.queryFrontend.createConfigmap" -}} +{{- if and .Values.queryFrontend.config (not .Values.queryFrontend.existingConfigmap) }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap object should be created +*/}} +{{- define "thanos.storegateway.createConfigmap" -}} +{{- if and (or .Values.storegateway.config .Values.indexCacheConfig .Values.bucketCacheConfig) (not .Values.storegateway.existingConfigmap) }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use (bucketweb) +*/}} +{{- define "thanos.bucketweb.serviceAccountName" -}} +{{- if .Values.bucketweb.serviceAccount.create -}} + {{ default (include "thanos.bucketweb.fullname" .) .Values.bucketweb.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.bucketweb.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use (compactor) +*/}} +{{- define "thanos.compactor.serviceAccountName" -}} +{{- if .Values.compactor.serviceAccount.create -}} + {{ default (include "thanos.compactor.fullname" .) .Values.compactor.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.compactor.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use (query) +*/}} +{{- define "thanos.query.serviceAccountName" -}} +{{- if .Values.query.serviceAccount.create -}} + {{ default (include "thanos.query.fullname" .) .Values.query.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.query.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use (queryFrontend) +*/}} +{{- define "thanos.query-frontend.serviceAccountName" -}} +{{- if .Values.queryFrontend.serviceAccount.create -}} + {{ default (include "thanos.query-frontend.fullname" .) .Values.queryFrontend.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.queryFrontend.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use (receive) +*/}} +{{- define "thanos.receive.serviceAccountName" -}} +{{- if .Values.receive.serviceAccount.create -}} + {{ default (include "thanos.receive.fullname" .) .Values.receive.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.receive.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use (receiveDistributor) +*/}} +{{- define "thanos.receive-distributor.serviceAccountName" -}} +{{- if .Values.receiveDistributor.serviceAccount.create -}} + {{ default (include "thanos.receive-distributor.fullname" .) .Values.receiveDistributor.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.receiveDistributor.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use (ruler) +*/}} +{{- define "thanos.ruler.serviceAccountName" -}} +{{- if .Values.ruler.serviceAccount.create -}} + {{ default (include "thanos.ruler.fullname" .) .Values.ruler.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.ruler.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use (storegateway) +*/}} +{{- define "thanos.storegateway.serviceAccountName" -}} +{{- if .Values.storegateway.serviceAccount.create -}} + {{ default (include "thanos.storegateway.fullname" .) .Values.storegateway.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.storegateway.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Return the Thanos Compactor pvc name +*/}} +{{- define "thanos.compactor.pvcName" -}} +{{- if .Values.compactor.persistence.existingClaim -}} + {{- printf "%s" (tpl .Values.compactor.persistence.existingClaim $) -}} +{{- else -}} + {{- printf "%s-compactor" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Check if there are rolling tags in the images +*/}} +{{- define "thanos.checkRollingTags" -}} +{{- include "common.warnings.rollingTag" .Values.image -}} +{{- include "common.warnings.rollingTag" .Values.volumePermissions.image -}} +{{- end -}} + +{{/* +Compile all warnings into a single message, and call fail. +*/}} +{{- define "thanos.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "thanos.validateValues.objstore" .) -}} +{{- $messages := append $messages (include "thanos.validateValues.ruler.alertmanagers" .) -}} +{{- $messages := append $messages (include "thanos.validateValues.ruler.config" .) -}} +{{- $messages := append $messages (include "thanos.validateValues.sharded.service" .) -}} +{{- $messages := append $messages (include "thanos.validateValues.receive" .) -}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} +{{- end -}} +{{- end -}} + +{{/* Validate values of Thanos - Objstore configuration */}} +{{- define "thanos.validateValues.objstore" -}} +{{- if and (or .Values.bucketweb.enabled .Values.compactor.enabled .Values.ruler.enabled .Values.storegateway.enabled) (not (include "thanos.createObjstoreSecret" .)) ( not .Values.existingObjstoreSecret) -}} +thanos: objstore configuration + When enabling Bucket Web, Compactor, Ruler or Store component, + you must provide a valid objstore configuration. + There are three alternatives to provide it: + 1) Provide it using the 'objstoreConfig' parameter + 2) Provide it using an existing Secret and using the 'existingObjstoreSecret' parameter + 3) Put your objstore.yml under the 'files/conf/' directory +{{- end -}} + +{{- end -}} +{{/* Validate values of Thanos - Objstore configuration */}} +{{- define "thanos.validateValues.receive" -}} +{{- if and .Values.receive.enabled .Values.receive.autoscaling.enabled (eq .Values.receive.mode "standalone") -}} +thanos: receive configuration + Thanos receive component cannot be enabled with autoscaling and standalone mode at the same time or the receive hashring will not be properly configured. + To achieve autoscaling, + 1) Set the 'receive.mode' to 'dual-mode' (see ref: https://github.com/thanos-io/thanos/blob/release-0.22/docs/proposals-accepted/202012-receive-split.md) + 2) Set the 'receive.existingConfigMap' the same as here https://github.com/observatorium/thanos-receive-controller/blob/7140e9476289b57b815692c3ec2dfd95b5fb4b6b/examples/manifests/deployment.yaml#L29 + 3) Set the 'receive.statefulsetLabels' to: + controller.receive.thanos.io: thanos-receive-controller + controller.receive.thanos.io/hashring: default (same as https://github.com/observatorium/thanos-receive-controller/blob/7140e9476289b57b815692c3ec2dfd95b5fb4b6b/examples/manifests/configmap.yaml#L6) + 4) Deploy Thanos Receive Controller as shown here: https://github.com/observatorium/thanos-receive-controller/tree/main/examples/manifests (remember to adjust the namespace according to your environment) +{{- end -}} +{{- end -}} + +{{/* Validate values of Thanos - Ruler Alertmanager(s) */}} +{{- define "thanos.validateValues.ruler.alertmanagers" -}} +{{/* Check the emptiness of the values */}} +{{- if and .Values.ruler.enabled ( and (empty .Values.ruler.alertmanagers) (empty .Values.ruler.alertmanagersConfig)) -}} +thanos: ruler alertmanagers + When enabling Ruler component, you must provide either alermanagers URL(s) or an alertmanagers configuration. + See https://github.com/thanos-io/thanos/blob/ef94b7e6468d94e2c47943ebf5fc6db24c48d867/docs/components/rule.md#flags and https://github.com/thanos-io/thanos/blob/ef94b7e6468d94e2c47943ebf5fc6db24c48d867/docs/components/rule.md#Configuration for more information. +{{- end -}} +{{/* Check that the values are defined in a mutually exclusive manner */}} +{{- if and .Values.ruler.enabled .Values.ruler.alertmanagers .Values.ruler.alertmanagersConfig -}} +thanos: ruler alertmanagers + Only one of the following can be used at one time: + * .Values.ruler.alertmanagers + * .Values.ruler.alertmanagersConfig + Otherwise, the configurations will collide and Thanos will error out. Please consolidate your configuration + into one of the above options. +{{- end -}} +{{- end -}} + +{{/* Validate values of Thanos - Ruler configuration */}} +{{- define "thanos.validateValues.ruler.config" -}} +{{- if and .Values.ruler.enabled (not (include "thanos.ruler.createConfigmap" .)) (not .Values.ruler.existingConfigmap) -}} +thanos: ruler configuration + When enabling Ruler component, you must provide a valid configuration. + There are three alternatives to provide it: + 1) Provide it using the 'ruler.config' parameter + 2) Provide it using an existing Configmap and using the 'ruler.existingConfigmap' parameter + 3) Put your ruler.yml under the 'files/conf/' directory +{{- end -}} +{{- end -}} + +{{/* Validate values of Thanos - number of sharded service properties */}} +{{- define "thanos.validateValues.sharded.service" -}} +{{- if and .Values.storegateway.sharded.enabled (not (empty .Values.storegateway.sharded.service.clusterIPs) ) -}} +{{- if eq "false" (include "thanos.validateValues.storegateway.sharded.length" (dict "property" $.Values.storegateway.sharded.service.clusterIPs "context" $) ) }} +thanos: storegateway.sharded.service.clusterIPs + The number of shards does not match the number of ClusterIPs $.Values.storegateway.sharded.service.clusterIPs +{{- end -}} +{{- end -}} +{{- if and .Values.storegateway.sharded.enabled (not (empty .Values.storegateway.sharded.service.loadBalancerIPs) ) -}} +{{- if eq "false" (include "thanos.validateValues.storegateway.sharded.length" (dict "property" $.Values.storegateway.sharded.service.loadBalancerIPs "context" $) ) }} +thanos: storegateway.sharded.service.loadBalancerIPs + The number of shards does not match the number of loadBalancerIPs $.Values.storegateway.sharded.service.loadBalancerIPs +{{- end -}} +{{- end -}} +{{- if and .Values.storegateway.sharded.enabled (not (empty .Values.storegateway.sharded.service.http.nodePorts) ) -}} +{{- if eq "false" (include "thanos.validateValues.storegateway.sharded.length" (dict "property" $.Values.storegateway.sharded.service.http.nodePorts "context" $) ) }} +thanos: storegateway.sharded.service.http.nodePorts + The number of shards does not match the number of http.nodePorts $.Values.storegateway.sharded.service.http.nodePorts +{{- end -}} +{{- end -}} +{{- if and .Values.storegateway.sharded.enabled (not (empty .Values.storegateway.sharded.service.grpc.nodePorts) ) -}} +{{- if eq "false" (include "thanos.validateValues.storegateway.sharded.length" (dict "property" $.Values.storegateway.sharded.service.grpc.nodePorts "context" $) ) }} +thanos: storegateway.sharded.service.grpc.nodePorts + The number of shards does not match the number of grpc.nodePorts $.Values.storegateway.sharded.service.grpc.nodePorts +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "thanos.validateValues.storegateway.sharded.length" -}} +{{/* Get number of shards */}} +{{- $shards := int 0 }} +{{- if .context.Values.storegateway.sharded.hashPartitioning.shards }} + {{- $shards = int .context.Values.storegateway.sharded.hashPartitioning.shards }} +{{- else }} + {{- $shards = len .context.Values.storegateway.sharded.timePartitioning }} +{{- end }} +{{- $propertyLength := (len .property) -}} +{{/* Validate property */}} +{{- if ne $shards $propertyLength -}} +false +{{- end }} +{{- end }} + +{{/* +Return true if a hashring configmap object should be created +*/}} +{{- define "thanos.receive.createConfigmap" -}} +{{- if and .Values.receive.enabled (not .Values.receive.existingConfigmap) }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Return the Thanos receive hashring configuration configmap. +*/}} +{{- define "thanos.receive.configmapName" -}} +{{- if .Values.receive.existingConfigmap -}} + {{- printf "%s" (tpl .Values.receive.existingConfigmap $) -}} +{{- else -}} + {{- printf "%s-receive" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* Return the proper pod fqdn of the replica. +Usage: +{{ include "thanos.receive.podFqdn" (dict "root" . "extra" $suffix ) }} +*/}} +{{- define "thanos.receive.podFqdn" -}} +{{- printf "\"%s-receive-%d.%s-receive-headless.%s.svc.%s:10901\"" (include "common.names.fullname" .root ) .extra (include "common.names.fullname" .root ) .root.Release.Namespace .root.Values.clusterDomain -}} +{{- end -}} + +{{/* Returns a proper configuration when no config is specified +Usage: +{{ include "thanos.receive.config" . }} +*/}} +{{- define "thanos.receive.config" -}} +{{- if not .Values.receive.existingConfigmap }} +{{- if not .Values.receive.config -}} +{{- if .Values.receive.service.additionalHeadless -}} +{{- $count := int .Values.receive.replicaCount -}} +{{- $endpoints_dict := dict "endpoints" (list) -}} +{{- $root := . -}} +{{- range $i := until $count -}} +{{- $data := dict "root" $root "extra" $i -}} +{{- $noop := (include "thanos.receive.podFqdn" $data) | append $endpoints_dict.endpoints | set $endpoints_dict "endpoints" -}} +{{- end -}} +[ + { + "endpoints": [ +{{ join ",\n" $endpoints_dict.endpoints | indent 6 }} + ] + } +] +{{- else -}} +[ + { + "endpoints": [ + "127.0.0.1:10901" + ] + } +] +{{- end -}} +{{- else -}} +{{- if (typeIs "string" .Values.receive.config) }} +{{- .Values.receive.config -}} +{{- else -}} +{{- .Values.receive.config | toPrettyJson -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Labels to use on serviceMonitor.spec.selector and svc.metadata.labels +*/}} +{{- define "thanos.servicemonitor.matchLabels" -}} +{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled -}} +prometheus-operator/monitor: 'true' +{{- end }} +{{- end }} + +{{/* +Labels to use on serviceMonitor.spec.selector +*/}} +{{- define "thanos.servicemonitor.selector" -}} +{{- include "thanos.servicemonitor.matchLabels" $ }} +{{ if .Values.metrics.serviceMonitor.selector -}} +{{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $)}} +{{- end -}} +{{- end -}} diff --git a/charts/thanos/templates/alert-rule/absent_rules.yml b/charts/thanos/templates/alert-rule/absent_rules.yml new file mode 100644 index 0000000000..71e69dd5d6 --- /dev/null +++ b/charts/thanos/templates/alert-rule/absent_rules.yml @@ -0,0 +1,134 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- /* +Generated from https://github.com/thanos-io/thanos/blob/main/examples/alerts/alerts.md +*/ -}} +{{- if and .Values.metrics.enabled (or .Values.metrics.prometheusRule.default.create .Values.metrics.prometheusRule.default.absent_rules ) }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ template "common.names.fullname" . }}-component-absent + namespace: {{ default .Release.Namespace .Values.metrics.prometheusRule.namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + groups: + - name: thanos-component-absent + rules: + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosCompactIsDown | default false) }} + - alert: ThanosCompactIsDown + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: ThanosCompact has disappeared. Prometheus target for the component cannot be discovered. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanoscompactisdown + summary: Thanos component has disappeared. + expr: | + absent(up{job=~".*{{ include "thanos.compactor.fullname" . }}.*"} == 1) + for: 5m + labels: + severity: critical + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosQueryIsDown | default false) }} + - alert: ThanosQueryIsDown + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: ThanosQuery has disappeared. Prometheus target for the component cannot be discovered. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanosqueryisdown + summary: Thanos component has disappeared. + expr: | + absent(up{job=~".*{{ include "thanos.query.fullname" . }}.*"} == 1) + for: 5m + labels: + severity: critical + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosReceiveIsDown | default false) }} + - alert: ThanosReceiveIsDown + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: ThanosReceive has disappeared. Prometheus target for the component cannot be discovered. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanosreceiveisdown + summary: Thanos component has disappeared. + expr: | + absent(up{job=~".*{{ include "thanos.receive.fullname" . }}.*"} == 1) + for: 5m + labels: + severity: critical + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosRuleIsDown | default false) }} + - alert: ThanosRuleIsDown + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: ThanosRule has disappeared. Prometheus target for the component cannot be discovered. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanosruleisdown + summary: Thanos component has disappeared. + expr: | + absent(up{job=~".*{{ include "thanos.ruler.fullname" . }}.*"} == 1) + for: 5m + labels: + severity: critical + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosSidecarIsDown | default false) }} + - alert: ThanosSidecarIsDown + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: ThanosSidecar has disappeared. Prometheus target for the component cannot be discovered. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanossidecarisdown + summary: Thanos component has disappeared. + expr: | + absent(up{job=~"{{ .Values.metrics.prometheusRule.default.sidecarJobRegex }}"} == 1) + for: 5m + labels: + severity: critical + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosStoreIsDown | default false) }} + - alert: ThanosStoreIsDown + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: ThanosStore has disappeared. Prometheus target for the component cannot be discovered. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanosstoreisdown + summary: Thanos component has disappeared. + expr: | + absent(up{job=~".*{{ include "thanos.storegateway.fullname" . }}.*"} == 1) + for: 5m + labels: + severity: critical + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/alert-rule/compaction.yml b/charts/thanos/templates/alert-rule/compaction.yml new file mode 100644 index 0000000000..77feb21de0 --- /dev/null +++ b/charts/thanos/templates/alert-rule/compaction.yml @@ -0,0 +1,122 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- /* +Generated from https://github.com/thanos-io/thanos/blob/main/examples/alerts/alerts.md +*/ -}} +{{- if and .Values.metrics.enabled (or .Values.metrics.prometheusRule.default.create .Values.metrics.prometheusRule.default.compaction ) }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ template "common.names.fullname" . }}-compact + namespace: {{ default .Release.Namespace .Values.metrics.prometheusRule.namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + groups: + - name: thanos-compact + rules: + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosCompactMultipleRunning | default false) }} + - alert: ThanosCompactMultipleRunning + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: No more than one Thanos Compact instance should be running at once. There are {{`{{`}} $value {{`}}`}} instances running. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanoscompactmultiplerunning + summary: Thanos Compact has multiple instances running. + expr: sum by (job) (up{job=~".*{{ include "thanos.compactor.fullname" . }}.*"}) > 1 + for: 5m + labels: + severity: warning + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosCompactHalted | default false) }} + - alert: ThanosCompactHalted + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: Thanos Compact {{`{{`}} $labels.job {{`}}`}} has failed to run and now is halted. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanoscompacthalted + summary: Thanos Compact has failed to run and is now halted. + expr: thanos_compact_halted{job=~".*{{ include "thanos.compactor.fullname" . }}.*"} == 1 + for: 5m + labels: + severity: warning + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosCompactHighCompactionFailures | default false) }} + - alert: ThanosCompactHighCompactionFailures + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: Thanos Compact {{`{{`}} $labels.job {{`}}`}} is failing to execute {{`{{`}} $value | humanize {{`}}`}}% of compactions. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanoscompacthighcompactionfailures + summary: Thanos Compact is failing to execute compactions. + expr: | + ( + sum by (job) (rate(thanos_compact_group_compactions_failures_total{job=~".*{{ include "thanos.compactor.fullname" . }}.*"}[5m])) + / + sum by (job) (rate(thanos_compact_group_compactions_total{job=~".*{{ include "thanos.compactor.fullname" . }}.*"}[5m])) + * 100 > 5 + ) + for: 15m + labels: + severity: warning + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosCompactBucketHighOperationFailures | default false) }} + - alert: ThanosCompactBucketHighOperationFailures + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: Thanos Compact {{`{{`}} $labels.job {{`}}`}} Bucket is failing to execute {{`{{`}} $value | humanize {{`}}`}}% of operations. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanoscompactbuckethighoperationfailures + summary: Thanos Compact Bucket is having a high number of operation failures. + expr: | + ( + sum by (job) (rate(thanos_objstore_bucket_operation_failures_total{job=~".*{{ include "thanos.compactor.fullname" . }}.*"}[5m])) + / + sum by (job) (rate(thanos_objstore_bucket_operations_total{job=~".*{{ include "thanos.compactor.fullname" . }}.*"}[5m])) + * 100 > 5 + ) + for: 15m + labels: + severity: warning + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosCompactHasNotRun | default false) }} + - alert: ThanosCompactHasNotRun + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: Thanos Compact {{`{{`}} $labels.job {{`}}`}} has not uploaded anything for 24 hours. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanoscompacthasnotrun + summary: Thanos Compact has not uploaded anything for last 24 hours. + expr: (time() - max by (job) (max_over_time(thanos_objstore_bucket_last_successful_upload_time{job=~".*{{ include "thanos.compactor.fullname" . }}.*"}[24h]))) / 60 / 60 > 24 + labels: + severity: warning + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/alert-rule/query.yml b/charts/thanos/templates/alert-rule/query.yml new file mode 100644 index 0000000000..bbc13309d9 --- /dev/null +++ b/charts/thanos/templates/alert-rule/query.yml @@ -0,0 +1,201 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- /* +Generated from https://github.com/thanos-io/thanos/blob/main/examples/alerts/alerts.md +*/ -}} +{{- if and .Values.metrics.enabled (or .Values.metrics.prometheusRule.default.create .Values.metrics.prometheusRule.default.query ) }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ include "thanos.query.fullname" . }} + namespace: {{ default .Release.Namespace .Values.metrics.prometheusRule.namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + groups: + - name: thanos-query + rules: + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosQueryHttpRequestQueryErrorRateHigh | default false) }} + - alert: ThanosQueryHttpRequestQueryErrorRateHigh + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: Thanos Query {{`{{`}} $labels.job {{`}}`}} is failing to handle {{`{{`}} $value | humanize {{`}}`}}% of "query" requests. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanosqueryhttprequestqueryerrorratehigh + summary: Thanos Query is failing to handle requests. + expr: | + ( + sum by (job) (rate(http_requests_total{code=~"5..", job=~".*{{ include "thanos.query.fullname" . }}.*", handler="query"}[5m])) + / + sum by (job) (rate(http_requests_total{job=~".*{{ include "thanos.query.fullname" . }}.*", handler="query"}[5m])) + ) * 100 > 5 + for: 5m + labels: + severity: critical + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosQueryHttpRequestQueryRangeErrorRateHigh | default false) }} + - alert: ThanosQueryHttpRequestQueryRangeErrorRateHigh + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: Thanos Query {{`{{`}} $labels.job {{`}}`}} is failing to handle {{`{{`}} $value | humanize {{`}}`}}% of "query_range" requests. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanosqueryhttprequestqueryrangeerrorratehigh + summary: Thanos Query is failing to handle requests. + expr: | + ( + sum by (job) (rate(http_requests_total{code=~"5..", job=~".*{{ include "thanos.query.fullname" . }}.*", handler="query_range"}[5m])) + / + sum by (job) (rate(http_requests_total{job=~".*{{ include "thanos.query.fullname" . }}.*", handler="query_range"}[5m])) + ) * 100 > 5 + for: 5m + labels: + severity: critical + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosQueryGrpcServerErrorRate | default false) }} + - alert: ThanosQueryGrpcServerErrorRate + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: Thanos Query {{`{{`}} $labels.job {{`}}`}} is failing to handle {{`{{`}} $value | humanize {{`}}`}}% of requests. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanosquerygrpcservererrorrate + summary: Thanos Query is failing to handle requests. + expr: | + ( + sum by (job) (rate(grpc_server_handled_total{grpc_code=~"Unknown|ResourceExhausted|Internal|Unavailable|DataLoss|DeadlineExceeded", job=~".*{{ include "thanos.query.fullname" . }}.*"}[5m])) + / + sum by (job) (rate(grpc_server_started_total{job=~".*{{ include "thanos.query.fullname" . }}.*"}[5m])) + * 100 > 5 + ) + for: 5m + labels: + severity: warning + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosQueryGrpcClientErrorRate | default false) }} + - alert: ThanosQueryGrpcClientErrorRate + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: Thanos Query {{`{{`}} $labels.job {{`}}`}} is failing to send {{`{{`}} $value | humanize {{`}}`}}% of requests. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanosquerygrpcclienterrorrate + summary: Thanos Query is failing to send requests. + expr: | + ( + sum by (job) (rate(grpc_client_handled_total{grpc_code!="OK", job=~".*{{ include "thanos.query.fullname" . }}.*"}[5m])) + / + sum by (job) (rate(grpc_client_started_total{job=~".*{{ include "thanos.query.fullname" . }}.*"}[5m])) + ) * 100 > 5 + for: 5m + labels: + severity: warning + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosQueryHighDNSFailures | default false) }} + - alert: ThanosQueryHighDNSFailures + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: Thanos Query {{`{{`}} $labels.job {{`}}`}} have {{`{{`}} $value | humanize{{`}}`}}% of failing DNS queries for store endpoints. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanosqueryhighdnsfailures + summary: Thanos Query is having high number of DNS failures. + expr: | + ( + sum by (job) (rate(thanos_query_store_apis_dns_failures_total{job=~".*{{ include "thanos.query.fullname" . }}.*"}[5m])) + / + sum by (job) (rate(thanos_query_store_apis_dns_lookups_total{job=~".*{{ include "thanos.query.fullname" . }}.*"}[5m])) + ) * 100 > 1 + for: 15m + labels: + severity: warning + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosQueryInstantLatencyHigh | default false) }} + - alert: ThanosQueryInstantLatencyHigh + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: Thanos Query {{`{{`}} $labels.job {{`}}`}} has a 99th percentile latency of {{`{{`}} $value {{`}}`}} seconds for instant queries. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanosqueryinstantlatencyhigh + summary: Thanos Query has high latency for queries. + expr: | + ( + histogram_quantile(0.99, sum by (job, le) (rate(http_request_duration_seconds_bucket{job=~".*{{ include "thanos.query.fullname" . }}.*", handler="query"}[5m]))) > 40 + and + sum by (job) (rate(http_request_duration_seconds_bucket{job=~".*{{ include "thanos.query.fullname" . }}.*", handler="query"}[5m])) > 0 + ) + for: 10m + labels: + severity: critical + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosQueryRangeLatencyHigh | default false) }} + - alert: ThanosQueryRangeLatencyHigh + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: Thanos Query {{`{{`}} $labels.job {{`}}`}} has a 99th percentile latency of {{`{{`}} $value {{`}}`}} seconds for range queries. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanosqueryrangelatencyhigh + summary: Thanos Query has high latency for queries. + expr: | + ( + histogram_quantile(0.99, sum by (job, le) (rate(http_request_duration_seconds_bucket{job=~".*{{ include "thanos.query.fullname" . }}.*", handler="query_range"}[5m]))) > 90 + and + sum by (job) (rate(http_request_duration_seconds_count{job=~".*{{ include "thanos.query.fullname" . }}.*", handler="query_range"}[5m])) > 0 + ) + for: 10m + labels: + severity: critical + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosQueryOverload | default false) }} + - alert: ThanosQueryOverload + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: Thanos Query {{`{{`}} $labels.job {{`}}`}} has been overloaded for more than 15 minutes. This may be a symptom of excessive simultanous complex requests, low performance of the Prometheus API, or failures within these components. Assess the health of the Thanos query instances, the connnected Prometheus instances, look for potential senders of these requests and then contact support. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanosqueryoverload + summary: Thanos query reaches its maximum capacity serving concurrent requests. + expr: | + ( + max_over_time(thanos_query_concurrent_gate_queries_max[5m]) - avg_over_time(thanos_query_concurrent_gate_queries_in_flight[5m]) < 1 + ) + for: 15m + labels: + severity: warning + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/alert-rule/receive.yml b/charts/thanos/templates/alert-rule/receive.yml new file mode 100644 index 0000000000..f96c67cfb6 --- /dev/null +++ b/charts/thanos/templates/alert-rule/receive.yml @@ -0,0 +1,206 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- /* +Generated from https://github.com/thanos-io/thanos/blob/main/examples/alerts/alerts.md +*/ -}} +{{- if and .Values.metrics.enabled (or .Values.metrics.prometheusRule.default.create .Values.metrics.prometheusRule.default.receive ) }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ include "thanos.receive.fullname" . }} + namespace: {{ default .Release.Namespace .Values.metrics.prometheusRule.namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + groups: + - name: thanos-receive + rules: + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosReceiveHttpRequestErrorRateHigh | default false) }} + - alert: ThanosReceiveHttpRequestErrorRateHigh + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: Thanos Receive {{`{{`}} $labels.job {{`}}`}} is failing to handle {{`{{`}} $value | humanize {{`}}`}}% of requests. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanosreceivehttprequesterrorratehigh + summary: Thanos Receive is failing to handle requests. + expr: | + ( + sum by (job) (rate(http_requests_total{code=~"5..", job=~".*{{ include "thanos.receive.fullname" . }}.*", handler="receive"}[5m])) + / + sum by (job) (rate(http_requests_total{job=~".*{{ include "thanos.receive.fullname" . }}.*", handler="receive"}[5m])) + ) * 100 > 5 + for: 5m + labels: + severity: critical + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosReceiveHttpRequestLatencyHigh | default false) }} + - alert: ThanosReceiveHttpRequestLatencyHigh + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: Thanos Receive {{`{{`}} $labels.job {{`}}`}} has a 99th percentile latency of {{`{{`}} $value {{`}}`}} seconds for requests. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanosreceivehttprequestlatencyhigh + summary: Thanos Receive has high HTTP requests latency. + expr: | + ( + histogram_quantile(0.99, sum by (job, le) (rate(http_request_duration_seconds_bucket{job=~".*{{ include "thanos.receive.fullname" . }}.*", handler="receive"}[5m]))) > 10 + and + sum by (job) (rate(http_request_duration_seconds_count{job=~".*{{ include "thanos.receive.fullname" . }}.*", handler="receive"}[5m])) > 0 + ) + for: 10m + labels: + severity: critical + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosReceiveHighReplicationFailures | default false) }} + - alert: ThanosReceiveHighReplicationFailures + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: Thanos Receive {{`{{`}} $labels.job {{`}}`}} is failing to replicate {{`{{`}} $value | humanize {{`}}`}}% of requests. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanosreceivehighreplicationfailures + summary: Thanos Receive is having high number of replication failures. + expr: | + thanos_receive_replication_factor > 1 + and + ( + ( + sum by (job) (rate(thanos_receive_replications_total{result="error", job=~".*{{ include "thanos.receive.fullname" . }}.*"}[5m])) + / + sum by (job) (rate(thanos_receive_replications_total{job=~".*{{ include "thanos.receive.fullname" . }}.*"}[5m])) + ) + > + ( + max by (job) (floor((thanos_receive_replication_factor{job=~".*{{ include "thanos.receive.fullname" . }}.*"}+1) / 2)) + / + max by (job) (thanos_receive_hashring_nodes{job=~".*{{ include "thanos.receive.fullname" . }}.*"}) + ) + ) * 100 + for: 5m + labels: + severity: warning + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosReceiveHighForwardRequestFailures | default false) }} + - alert: ThanosReceiveHighForwardRequestFailures + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: Thanos Receive {{`{{`}} $labels.job {{`}}`}} is failing to forward {{`{{`}} $value | humanize {{`}}`}}% of requests. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanosreceivehighforwardrequestfailures + summary: Thanos Receive is failing to forward requests. + expr: | + ( + sum by (job) (rate(thanos_receive_forward_requests_total{result="error", job=~".*{{ include "thanos.receive.fullname" . }}.*"}[5m])) + / + sum by (job) (rate(thanos_receive_forward_requests_total{job=~".*{{ include "thanos.receive.fullname" . }}.*"}[5m])) + ) * 100 > 20 + for: 5m + labels: + severity: info + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosReceiveHighHashringFileRefreshFailures | default false) }} + - alert: ThanosReceiveHighHashringFileRefreshFailures + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: Thanos Receive {{`{{`}} $labels.job {{`}}`}} is failing to refresh hashring file, {{`{{`}} $value | humanize {{`}}`}} of attempts failed. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanosreceivehighhashringfilerefreshfailures + summary: Thanos Receive is failing to refresh hasring file. + expr: | + ( + sum by (job) (rate(thanos_receive_hashrings_file_errors_total{job=~".*{{ include "thanos.receive.fullname" . }}.*"}[5m])) + / + sum by (job) (rate(thanos_receive_hashrings_file_refreshes_total{job=~".*{{ include "thanos.receive.fullname" . }}.*"}[5m])) + > 0 + ) + for: 15m + labels: + severity: warning + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosReceiveConfigReloadFailure | default false) }} + - alert: ThanosReceiveConfigReloadFailure + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: Thanos Receive {{`{{`}} $labels.job {{`}}`}} has not been able to reload hashring configurations. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanosreceiveconfigreloadfailure + summary: Thanos Receive has not been able to reload configuration. + expr: avg by (job) (thanos_receive_config_last_reload_successful{job=~".*{{ include "thanos.receive.fullname" . }}.*"}) != 1 + for: 5m + labels: + severity: warning + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosReceiveNoUpload | default false) }} + - alert: ThanosReceiveNoUpload + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: Thanos Receive {{`{{`}} $labels.instance {{`}}`}} has not uploaded latest data to object storage. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanosreceivenoupload + summary: Thanos Receive has not uploaded latest data to object storage. + expr: | + (up{job=~".*{{ include "thanos.receive.fullname" . }}.*"} - 1) + + on (job, instance) # filters to only alert on current instance last 3h + (sum by (job, instance) (increase(thanos_shipper_uploads_total{job=~".*{{ include "thanos.receive.fullname" . }}.*"}[3h])) == 0) + for: 3h + labels: + severity: critical + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosReceiveTrafficBelowThreshold | default false) }} + - alert: ThanosReceiveTrafficBelowThreshold + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: At Thanos Receive {{`{{`}} $labels.job {{`}}`}} in {{`{{`}} $labels.namespace {{`}}`}} , the average 1-hr avg. metrics ingestion rate is {{`{{`}} $value | humanize {{`}}`}}% of 12-hr avg. ingestion rate. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanosreceivetrafficbelowthreshold + summary: Thanos Receive is experiencing low avg. 1-hr ingestion rate relative to avg. 12-hr ingestion rate. + expr: | + ( + avg_over_time(rate(http_requests_total{job=~".*{{ include "thanos.receive.fullname" . }}.*", code=~"2..", handler="receive"}[5m])[1h:5m]) + / + avg_over_time(rate(http_requests_total{job=~".*{{ include "thanos.receive.fullname" . }}.*", code=~"2..", handler="receive"}[5m])[12h:5m]) + ) * 100 < 50 + for: 1h + labels: + severity: warning + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/alert-rule/replicate.yml b/charts/thanos/templates/alert-rule/replicate.yml new file mode 100644 index 0000000000..ec0dd44d8d --- /dev/null +++ b/charts/thanos/templates/alert-rule/replicate.yml @@ -0,0 +1,70 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- /* +Generated from https://github.com/thanos-io/thanos/blob/main/examples/alerts/alerts.md +*/ -}} +{{- if and .Values.metrics.enabled (or .Values.metrics.prometheusRule.default.create .Values.metrics.prometheusRule.default.replicate ) }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ template "common.names.fullname" . }}-replicate + namespace: {{ default .Release.Namespace .Values.metrics.prometheusRule.namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + groups: + - name: thanos-bucket-replicate + rules: + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosBucketReplicateErrorRate | default false) }} + - alert: ThanosBucketReplicateErrorRate + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: Thanos Replicate is failing to run, {{`{{`}} $value | humanize {{`}}`}}% of attempts failed. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanosbucketreplicateerrorrate + summary: Thanos Replicate is failing to run. + expr: | + ( + sum by (job) (rate(thanos_replicate_replication_runs_total{result="error", job=~".*{{ template "common.names.fullname" . }}-bucket-replicate.*"}[5m])) + / on (job) group_left + sum by (job) (rate(thanos_replicate_replication_runs_total{job=~".*{{ template "common.names.fullname" . }}-bucket-replicate.*"}[5m])) + ) * 100 >= 10 + for: 5m + labels: + severity: critical + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosBucketReplicateRunLatency | default false) }} + - alert: ThanosBucketReplicateRunLatency + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: Thanos Replicate {{`{{`}} $labels.job {{`}}`}} has a 99th percentile latency of {{`{{`}} $value {{`}}`}} seconds for the replicate operations. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanosbucketreplicaterunlatency + summary: Thanos Replicate has a high latency for replicate operations. + expr: | + ( + histogram_quantile(0.99, sum by (job) (rate(thanos_replicate_replication_run_duration_seconds_bucket{job=~".*{{ template "common.names.fullname" . }}-bucket-replicate.*"}[5m]))) > 20 + and + sum by (job) (rate(thanos_replicate_replication_run_duration_seconds_bucket{job=~".*{{ template "common.names.fullname" . }}-bucket-replicate.*"}[5m])) > 0 + ) + for: 5m + labels: + severity: critical + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/alert-rule/ruler.yml b/charts/thanos/templates/alert-rule/ruler.yml new file mode 100644 index 0000000000..0bd2912710 --- /dev/null +++ b/charts/thanos/templates/alert-rule/ruler.yml @@ -0,0 +1,251 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- /* +Generated from https://github.com/thanos-io/thanos/blob/main/examples/alerts/alerts.md +*/ -}} +{{- if and .Values.metrics.enabled (or .Values.metrics.prometheusRule.default.create .Values.metrics.prometheusRule.default.ruler ) }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ include "thanos.ruler.fullname" . }} + namespace: {{ default .Release.Namespace .Values.metrics.prometheusRule.namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + groups: + - name: thanos-rule + rules: + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosRuleQueueIsDroppingAlerts | default false) }} + - alert: ThanosRuleQueueIsDroppingAlerts + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: Thanos Rule {{`{{`}} $labels.instance {{`}}`}} is failing to queue alerts. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanosrulequeueisdroppingalerts + summary: Thanos Rule is failing to queue alerts. + expr: | + sum by (job, instance) (rate(thanos_alert_queue_alerts_dropped_total{job=~".*{{ include "thanos.ruler.fullname" . }}.*"}[5m])) > 0 + for: 5m + labels: + severity: critical + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosRuleSenderIsFailingAlerts | default false) }} + - alert: ThanosRuleSenderIsFailingAlerts + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: Thanos Rule {{`{{`}} $labels.instance {{`}}`}} is failing to send alerts to alertmanager. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanosrulesenderisfailingalerts + summary: Thanos Rule is failing to send alerts to alertmanager. + expr: | + sum by (job, instance) (rate(thanos_alert_sender_alerts_dropped_total{job=~".*{{ include "thanos.ruler.fullname" . }}.*"}[5m])) > 0 + for: 5m + labels: + severity: critical + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosRuleHighRuleEvaluationFailures | default false) }} + - alert: ThanosRuleHighRuleEvaluationFailures + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: Thanos Rule {{`{{`}} $labels.instance {{`}}`}} is failing to evaluate rules. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanosrulehighruleevaluationfailures + summary: Thanos Rule is failing to evaluate rules. + expr: | + ( + sum by (job, instance) (rate(prometheus_rule_evaluation_failures_total{job=~".*{{ include "thanos.ruler.fullname" . }}.*"}[5m])) + / + sum by (job, instance) (rate(prometheus_rule_evaluations_total{job=~".*{{ include "thanos.ruler.fullname" . }}.*"}[5m])) + * 100 > 5 + ) + for: 5m + labels: + severity: critical + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosRuleHighRuleEvaluationWarnings | default false) }} + - alert: ThanosRuleHighRuleEvaluationWarnings + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: Thanos Rule {{`{{`}} $labels.instance {{`}}`}} has high number of evaluation warnings. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanosrulehighruleevaluationwarnings + summary: Thanos Rule has high number of evaluation warnings. + expr: | + sum by (job, instance) (rate(thanos_rule_evaluation_with_warnings_total{job=~".*{{ include "thanos.ruler.fullname" . }}.*"}[5m])) > 0 + for: 15m + labels: + severity: info + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosRuleRuleEvaluationLatencyHigh | default false) }} + - alert: ThanosRuleRuleEvaluationLatencyHigh + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: Thanos Rule {{`{{`}} $labels.instance {{`}}`}} has higher evaluation latency than interval for {{`{{`}} $labels.rule_group {{`}}`}}. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanosruleruleevaluationlatencyhigh + summary: Thanos Rule has high rule evaluation latency. + expr: | + ( + sum by (job, instance, rule_group) (prometheus_rule_group_last_duration_seconds{job=~".*{{ include "thanos.ruler.fullname" . }}.*"}) + > + sum by (job, instance, rule_group) (prometheus_rule_group_interval_seconds{job=~".*{{ include "thanos.ruler.fullname" . }}.*"}) + ) + for: 5m + labels: + severity: warning + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosRuleGrpcErrorRate | default false) }} + - alert: ThanosRuleGrpcErrorRate + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: Thanos Rule {{`{{`}} $labels.job {{`}}`}} is failing to handle {{`{{`}} $value | humanize {{`}}`}}% of requests. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanosrulegrpcerrorrate + summary: Thanos Rule is failing to handle grpc requests. + expr: | + ( + sum by (job, instance) (rate(grpc_server_handled_total{grpc_code=~"Unknown|ResourceExhausted|Internal|Unavailable|DataLoss|DeadlineExceeded", job=~".*{{ include "thanos.ruler.fullname" . }}.*"}[5m])) + / + sum by (job, instance) (rate(grpc_server_started_total{job=~".*{{ include "thanos.ruler.fullname" . }}.*"}[5m])) + * 100 > 5 + ) + for: 5m + labels: + severity: warning + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosRuleConfigReloadFailure | default false) }} + - alert: ThanosRuleConfigReloadFailure + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: Thanos Rule {{`{{`}} $labels.job {{`}}`}} has not been able to reload its configuration. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanosruleconfigreloadfailure + summary: Thanos Rule has not been able to reload configuration. + expr: avg by (job, instance) (thanos_rule_config_last_reload_successful{job=~".*{{ include "thanos.ruler.fullname" . }}.*"}) != 1 + for: 5m + labels: + severity: info + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosRuleQueryHighDNSFailures | default false) }} + - alert: ThanosRuleQueryHighDNSFailures + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: Thanos Rule {{`{{`}} $labels.job {{`}}`}} has {{`{{`}} $value | humanize{{`}}`}}% of failing DNS queries for query endpoints. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanosrulequeryhighdnsfailures + summary: Thanos Rule is having high number of DNS failures. + expr: | + ( + sum by (job, instance) (rate(thanos_rule_query_apis_dns_failures_total{job=~".*{{ include "thanos.ruler.fullname" . }}.*"}[5m])) + / + sum by (job, instance) (rate(thanos_rule_query_apis_dns_lookups_total{job=~".*{{ include "thanos.ruler.fullname" . }}.*"}[5m])) + * 100 > 1 + ) + for: 15m + labels: + severity: warning + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosRuleAlertmanagerHighDNSFailures | default false) }} + - alert: ThanosRuleAlertmanagerHighDNSFailures + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: Thanos Rule {{`{{`}} $labels.instance{{`}}`}} has {{`{{`}} $value | humanize {{`}}`}}% of failing DNS queries for Alertmanager endpoints. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanosrulealertmanagerhighdnsfailures + summary: Thanos Rule is having high number of DNS failures. + expr: | + ( + sum by (job, instance) (rate(thanos_rule_alertmanagers_dns_failures_total{job=~".*{{ include "thanos.ruler.fullname" . }}.*"}[5m])) + / + sum by (job, instance) (rate(thanos_rule_alertmanagers_dns_lookups_total{job=~".*{{ include "thanos.ruler.fullname" . }}.*"}[5m])) + * 100 > 1 + ) + for: 15m + labels: + severity: warning + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosRuleNoEvaluationFor10Intervals | default false) }} + - alert: ThanosRuleNoEvaluationFor10Intervals + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: Thanos Rule {{`{{`}} $labels.job {{`}}`}} has rule groups that did not evaluate for at least 10x of their expected interval. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanosrulenoevaluationfor10intervals + summary: Thanos Rule has rule groups that did not evaluate for 10 intervals. + expr: | + time() - max by (job, instance, group) (prometheus_rule_group_last_evaluation_timestamp_seconds{job=~".*{{ include "thanos.ruler.fullname" . }}.*"}) + > + 10 * max by (job, instance, group) (prometheus_rule_group_interval_seconds{job=~".*{{ include "thanos.ruler.fullname" . }}.*"}) + for: 5m + labels: + severity: info + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosNoRuleEvaluations | default false) }} + - alert: ThanosNoRuleEvaluations + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: Thanos Rule {{`{{`}} $labels.instance {{`}}`}} did not perform any rule evaluations in the past 10 minutes. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanosnoruleevaluations + summary: Thanos Rule did not perform any rule evaluations. + expr: | + sum by (job, instance) (rate(prometheus_rule_evaluations_total{job=~".*{{ include "thanos.ruler.fullname" . }}.*"}[5m])) <= 0 + and + sum by (job, instance) (thanos_rule_loaded_rules{job=~".*{{ include "thanos.ruler.fullname" . }}.*"}) > 0 + for: 5m + labels: + severity: critical + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/alert-rule/sidecar.yml b/charts/thanos/templates/alert-rule/sidecar.yml new file mode 100644 index 0000000000..5464376e1a --- /dev/null +++ b/charts/thanos/templates/alert-rule/sidecar.yml @@ -0,0 +1,64 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- /* +Generated from https://github.com/thanos-io/thanos/blob/main/examples/alerts/alerts.md +*/ -}} +{{- if and .Values.metrics.enabled (or .Values.metrics.prometheusRule.default.create .Values.metrics.prometheusRule.default.sidecar ) }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ template "common.names.fullname" . }}-sidecar + namespace: {{ default .Release.Namespace .Values.metrics.prometheusRule.namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + groups: + - name: thanos-sidecar + rules: + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosSidecarBucketOperationsFailed | default false) }} + - alert: ThanosSidecarBucketOperationsFailed + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: Thanos Sidecar {{`{{`}} $labels.instance {{`}}`}} bucket operations are failing + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanossidecarbucketoperationsfailed + summary: Thanos Sidecar bucket operations are failing + expr: | + sum by (job, instance) (rate(thanos_objstore_bucket_operation_failures_total{job=~"{{ .Values.metrics.prometheusRule.default.sidecarJobRegex }}"}[5m])) > 0 + for: 5m + labels: + severity: critical + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosSidecarNoConnectionToStartedPrometheus | default false) }} + - alert: ThanosSidecarNoConnectionToStartedPrometheus + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: Thanos Sidecar {{`{{`}} $labels.instance {{`}}`}} is unhealthy. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanossidecarnoconnectiontostartedprometheus + summary: Thanos Sidecar cannot access Prometheus, even though Prometheus seems healthy and has reloaded WAL. + expr: | + thanos_sidecar_prometheus_up{job=~"{{ .Values.metrics.prometheusRule.default.sidecarJobRegex }}"} == 0 + AND on (namespace, pod) + prometheus_tsdb_data_replay_duration_seconds != 0 + for: 5m + labels: + severity: critical + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/alert-rule/store_gateway.yml b/charts/thanos/templates/alert-rule/store_gateway.yml new file mode 100644 index 0000000000..3fded6e6dc --- /dev/null +++ b/charts/thanos/templates/alert-rule/store_gateway.yml @@ -0,0 +1,116 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- /* +Generated from https://github.com/thanos-io/thanos/blob/main/examples/alerts/alerts.md +*/ -}} +{{- if and .Values.metrics.enabled (or .Values.metrics.prometheusRule.default.create .Values.metrics.prometheusRule.default.store_gateway ) }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ include "thanos.storegateway.fullname" . }} + namespace: {{ default .Release.Namespace .Values.metrics.prometheusRule.namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + groups: + - name: thanos-store + rules: + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosStoreGrpcErrorRate | default false) }} + - alert: ThanosStoreGrpcErrorRate + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: Thanos Store {{`{{`}} $labels.job {{`}}`}} is failing to handle {{`{{`}} $value | humanize {{`}}`}}% of requests. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanosstoregrpcerrorrate + summary: Thanos Store is failing to handle qrpcd requests. + expr: | + ( + sum by (job) (rate(grpc_server_handled_total{grpc_code=~"Unknown|ResourceExhausted|Internal|Unavailable|DataLoss|DeadlineExceeded", job=~".*thanos-store.*"}[5m])) + / + sum by (job) (rate(grpc_server_started_total{job=~".*thanos-store.*"}[5m])) + * 100 > 5 + ) + for: 5m + labels: + severity: warning + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosStoreSeriesGateLatencyHigh | default false) }} + - alert: ThanosStoreSeriesGateLatencyHigh + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: Thanos Store {{`{{`}} $labels.job {{`}}`}} has a 99th percentile latency of {{`{{`}} $value {{`}}`}} seconds for store series gate requests. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanosstoreseriesgatelatencyhigh + summary: Thanos Store has high latency for store series gate requests. + expr: | + ( + histogram_quantile(0.99, sum by (job, le) (rate(thanos_bucket_store_series_gate_duration_seconds_bucket{job=~".*thanos-store.*"}[5m]))) > 2 + and + sum by (job) (rate(thanos_bucket_store_series_gate_duration_seconds_count{job=~".*thanos-store.*"}[5m])) > 0 + ) + for: 10m + labels: + severity: warning + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosStoreBucketHighOperationFailures | default false) }} + - alert: ThanosStoreBucketHighOperationFailures + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: Thanos Store {{`{{`}} $labels.job {{`}}`}} Bucket is failing to execute {{`{{`}} $value | humanize {{`}}`}}% of operations. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanosstorebuckethighoperationfailures + summary: Thanos Store Bucket is failing to execute operations. + expr: | + ( + sum by (job) (rate(thanos_objstore_bucket_operation_failures_total{job=~".*thanos-store.*"}[5m])) + / + sum by (job) (rate(thanos_objstore_bucket_operations_total{job=~".*thanos-store.*"}[5m])) + * 100 > 5 + ) + for: 15m + labels: + severity: warning + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} + {{- if not (.Values.metrics.prometheusRule.default.disabled.ThanosStoreObjstoreOperationLatencyHigh | default false) }} + - alert: ThanosStoreObjstoreOperationLatencyHigh + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + description: Thanos Store {{`{{`}} $labels.job {{`}}`}} Bucket has a 99th percentile latency of {{`{{`}} $value {{`}}`}} seconds for the bucket operations. + runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanosstoreobjstoreoperationlatencyhigh + summary: Thanos Store is having high latency for bucket operations. + expr: | + ( + histogram_quantile(0.99, sum by (job, le) (rate(thanos_objstore_bucket_operation_duration_seconds_bucket{job=~".*thanos-store.*"}[5m]))) > 2 + and + sum by (job) (rate(thanos_objstore_bucket_operation_duration_seconds_count{job=~".*thanos-store.*"}[5m])) > 0 + ) + for: 10m + labels: + severity: warning + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 8 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/bucketweb/deployment.yaml b/charts/thanos/templates/bucketweb/deployment.yaml new file mode 100644 index 0000000000..130ebb722c --- /dev/null +++ b/charts/thanos/templates/bucketweb/deployment.yaml @@ -0,0 +1,223 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.bucketweb.enabled }} +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ include "thanos.bucketweb.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: bucketweb + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if not .Values.bucketweb.autoscaling.enabled }} + replicas: {{ .Values.bucketweb.replicaCount }} + {{- end }} + revisionHistoryLimit: {{ .Values.bucketweb.revisionHistoryLimit }} + {{- if .Values.bucketweb.updateStrategy }} + strategy: {{- toYaml .Values.bucketweb.updateStrategy | nindent 4 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.bucketweb.podLabels .Values.commonLabels ) "context" . ) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: bucketweb + template: + metadata: + labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} + app.kubernetes.io/component: bucketweb + {{- if or .Values.bucketweb.podAnnotations (include "thanos.createObjstoreSecret" .) }} + annotations: + {{- if (include "thanos.createObjstoreSecret" .) }} + checksum/objstore-configuration: {{ include "thanos.objstoreConfig" . | sha256sum }} + {{- end }} + {{- if .Values.bucketweb.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.bucketweb.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- end }} + spec: + {{- include "thanos.imagePullSecrets" . | nindent 6 }} + serviceAccountName: {{ include "thanos.bucketweb.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.bucketweb.automountServiceAccountToken }} + {{- if .Values.bucketweb.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.bucketweb.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.bucketweb.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.bucketweb.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.bucketweb.podAffinityPreset "component" "bucketweb" "customLabels" $podLabels "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.bucketweb.podAntiAffinityPreset "component" "bucketweb" "customLabels" $podLabels "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.bucketweb.nodeAffinityPreset.type "key" .Values.bucketweb.nodeAffinityPreset.key "values" .Values.bucketweb.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.bucketweb.dnsConfig }} + dnsConfig: {{- include "common.tplvalues.render" (dict "value" .Values.bucketweb.dnsConfig "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.bucketweb.dnsPolicy }} + dnsPolicy: {{ .Values.bucketweb.dnsPolicy | quote }} + {{- end }} + {{- if .Values.bucketweb.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.bucketweb.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.bucketweb.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.bucketweb.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.bucketweb.priorityClassName }} + priorityClassName: {{ .Values.bucketweb.priorityClassName | quote }} + {{- end }} + {{- if .Values.bucketweb.schedulerName }} + schedulerName: {{ .Values.bucketweb.schedulerName }} + {{- end }} + {{- if .Values.bucketweb.podSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.bucketweb.podSecurityContext "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.bucketweb.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.bucketweb.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.bucketweb.initContainers }} + initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.bucketweb.initContainers "context" $) | nindent 8 }} + {{- end }} + containers: + {{- if .Values.bucketweb.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.bucketweb.sidecars "context" $) | nindent 8 }} + {{- end }} + - name: bucketweb + image: {{ include "thanos.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.bucketweb.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.bucketweb.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.bucketweb.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.bucketweb.command "context" $) | nindent 12 }} + {{- end }} + args: + {{- if .Values.bucketweb.args }} + {{- include "common.tplvalues.render" (dict "value" .Values.bucketweb.args "context" $) | nindent 12 }} + {{- else }} + - tools + - bucket + - web + - --http-address=0.0.0.0:{{ .Values.bucketweb.containerPorts.http }} + - --log.level={{ .Values.bucketweb.logLevel }} + - --log.format={{ .Values.bucketweb.logFormat }} + - --objstore.config-file=/conf/objstore.yml + {{- if .Values.bucketweb.refresh }} + - --refresh={{ .Values.bucketweb.refresh }} + {{- end }} + {{- if .Values.bucketweb.timeout }} + - --timeout={{ .Values.bucketweb.timeout }} + {{- end }} + {{- if (include "thanos.httpConfigEnabled" .) }} + - --http.config=/conf/http/http-config.yml + {{- end }} + {{- if .Values.bucketweb.extraFlags }} + {{- include "common.tplvalues.render" (dict "value" .Values.bucketweb.extraFlags "context" $) | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.bucketweb.extraEnvVars }} + env: {{- include "common.tplvalues.render" (dict "value" .Values.bucketweb.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.bucketweb.extraEnvVarsCM .Values.bucketweb.extraEnvVarsSecret }} + envFrom: + {{- if .Values.bucketweb.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.bucketweb.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.bucketweb.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.bucketweb.extraEnvVarsSecret "context" $) }} + {{- end }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.bucketweb.containerPorts.http }} + protocol: TCP + {{- if .Values.bucketweb.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.bucketweb.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.bucketweb.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.bucketweb.livenessProbe "enabled") "context" $) | nindent 12 }} + {{- if not .Values.auth.basicAuthUsers }} + httpGet: + path: /-/healthy + port: http + scheme: {{ ternary "HTTPS" "HTTP" .Values.https.enabled }} + {{- else }} + tcpSocket: + port: http + {{- end }} + {{- end }} + {{- if .Values.bucketweb.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.bucketweb.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.bucketweb.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.bucketweb.readinessProbe "enabled") "context" $) | nindent 12 }} + {{- if not .Values.auth.basicAuthUsers }} + httpGet: + path: /-/ready + port: http + scheme: {{ ternary "HTTPS" "HTTP" .Values.https.enabled }} + {{- else }} + tcpSocket: + port: http + {{- end }} + {{- end }} + {{- if .Values.bucketweb.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.bucketweb.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.bucketweb.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.bucketweb.startupProbe "enabled") "context" $) | nindent 12 }} + {{- if not .Values.auth.basicAuthUsers }} + httpGet: + path: /-/ready + port: http + scheme: {{ ternary "HTTPS" "HTTP" .Values.https.enabled }} + {{- else }} + tcpSocket: + port: http + {{- end }} + {{- end }} + {{- if .Values.bucketweb.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.bucketweb.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.bucketweb.resources }} + resources: {{- toYaml .Values.bucketweb.resources | nindent 12 }} + {{- else if ne .Values.bucketweb.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.bucketweb.resourcesPreset) | nindent 12 }} + {{- end }} + volumeMounts: + - name: objstore-config + mountPath: /conf + {{- if (include "thanos.httpConfigEnabled" .) }} + - name: http-config + mountPath: /conf/http + {{- if .Values.https.enabled }} + - name: http-certs + mountPath: /certs + {{- end }} + {{- end }} + {{- if .Values.bucketweb.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.bucketweb.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + volumes: + - name: objstore-config + secret: + secretName: {{ include "thanos.objstoreSecretName" . }} + {{- if .Values.existingObjstoreSecretItems }} + items: {{- toYaml .Values.existingObjstoreSecretItems | nindent 14 }} + {{- end }} + {{- if (include "thanos.httpConfigEnabled" .) }} + - name: http-config + secret: + secretName: {{ include "thanos.httpConfigSecretName" . }} + {{- if .Values.https.enabled }} + - name: http-certs + secret: + secretName: {{ include "thanos.httpCertsSecretName" . }} + {{- end }} + {{- end }} + {{- if .Values.bucketweb.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.bucketweb.extraVolumes "context" $) | nindent 8 }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/bucketweb/hpa.yaml b/charts/thanos/templates/bucketweb/hpa.yaml new file mode 100644 index 0000000000..05bcd5fa49 --- /dev/null +++ b/charts/thanos/templates/bucketweb/hpa.yaml @@ -0,0 +1,49 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.bucketweb.enabled .Values.bucketweb.autoscaling.enabled }} +apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "thanos.bucketweb.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: receive + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + scaleTargetRef: + apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} + kind: Deployment + name: {{ include "thanos.bucketweb.fullname" . }} + minReplicas: {{ .Values.bucketweb.autoscaling.minReplicas }} + maxReplicas: {{ .Values.bucketweb.autoscaling.maxReplicas }} + metrics: + {{- if .Values.bucketweb.autoscaling.targetMemory }} + - type: Resource + resource: + name: memory + {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} + targetAverageUtilization: {{ .Values.bucketweb.autoscaling.targetMemory }} + {{- else }} + target: + type: Utilization + averageUtilization: {{ .Values.bucketweb.autoscaling.targetMemory }} + {{- end }} + {{- end }} + {{- if .Values.bucketweb.autoscaling.targetCPU }} + - type: Resource + resource: + name: cpu + {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} + targetAverageUtilization: {{ .Values.bucketweb.autoscaling.targetCPU }} + {{- else }} + target: + type: Utilization + averageUtilization: {{ .Values.bucketweb.autoscaling.targetCPU }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/bucketweb/ingress.yaml b/charts/thanos/templates/bucketweb/ingress.yaml new file mode 100644 index 0000000000..4dc2a9e5ba --- /dev/null +++ b/charts/thanos/templates/bucketweb/ingress.yaml @@ -0,0 +1,57 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.bucketweb.enabled .Values.bucketweb.ingress.enabled -}} +apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} +kind: Ingress +metadata: + name: {{ include "thanos.bucketweb.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: bucketweb + {{- if or .Values.bucketweb.ingress.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.bucketweb.ingress.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.bucketweb.ingress.ingressClassName (include "common.ingress.supportsIngressClassname" .) }} + ingressClassName: {{ .Values.bucketweb.ingress.ingressClassName | quote }} + {{- end }} + rules: + {{- if .Values.bucketweb.ingress.hostname }} + - host: {{ include "common.tplvalues.render" ( dict "value" .Values.bucketweb.ingress.hostname "context" $ ) }} + http: + paths: + - path: {{ .Values.bucketweb.ingress.path }} + {{- if eq "true" (include "common.ingress.supportsPathType" .) }} + pathType: {{ .Values.bucketweb.ingress.pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (printf "%s-%s" (include "common.names.fullname" .) "bucketweb") "servicePort" "http" "context" $) | nindent 14 }} + {{- end }} + {{- range .Values.bucketweb.ingress.extraHosts }} + - host: {{ .name }} + http: + paths: + - path: {{ default "/" .path }} + {{- if eq "true" (include "common.ingress.supportsPathType" $) }} + pathType: {{ default "ImplementationSpecific" .pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (printf "%s-%s" (include "common.names.fullname" $) "bucketweb") "servicePort" "http" "context" $) | nindent 14 }} + {{- end }} + {{- if .Values.bucketweb.ingress.extraRules }} + {{- include "common.tplvalues.render" (dict "value" .Values.bucketweb.ingress.extraRules "context" $) | nindent 4 }} + {{- end }} + {{- if or (and .Values.bucketweb.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.bucketweb.ingress.annotations )) .Values.bucketweb.ingress.selfSigned)) .Values.bucketweb.ingress.extraTls }} + tls: + {{- if and .Values.bucketweb.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.bucketweb.ingress.annotations )) .Values.bucketweb.ingress.selfSigned) }} + - hosts: + - {{ .Values.bucketweb.ingress.hostname }} + secretName: {{ printf "%s-tls" .Values.bucketweb.ingress.hostname }} + {{- end }} + {{- if .Values.bucketweb.ingress.extraTls }} + {{- include "common.tplvalues.render" (dict "value" .Values.bucketweb.ingress.extraTls "context" $) | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/bucketweb/networkpolicy.yaml b/charts/thanos/templates/bucketweb/networkpolicy.yaml new file mode 100644 index 0000000000..4b61b2662c --- /dev/null +++ b/charts/thanos/templates/bucketweb/networkpolicy.yaml @@ -0,0 +1,80 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.bucketweb.enabled .Values.bucketweb.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "thanos.bucketweb.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: bucketweb + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.bucketweb.podLabels .Values.commonLabels ) "context" . ) }} + podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: bucketweb + policyTypes: + - Ingress + - Egress + {{- if .Values.bucketweb.networkPolicy.allowExternalEgress }} + egress: + - {} + {{- else }} + egress: + # Allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + {{- if .Values.minio.enabled }} + # Communicate with minio + - ports: + - port: {{ .Values.minio.service.ports.api }} + - port: {{ .Values.minio.service.ports.api }} + to: + - podSelector: + matchLabels: + app.kubernetes.io/name: minio + app.kubernetes.io/instance: {{ .Release.Name }} + {{- end }} + {{- if .Values.bucketweb.networkPolicy.extraEgress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.bucketweb.networkPolicy.extraEgress "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} + ingress: + - ports: + - port: {{ .Values.bucketweb.containerPorts.http }} + - port: {{ .Values.bucketweb.service.ports.http }} + {{- if not .Values.bucketweb.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + - podSelector: + matchLabels: + {{ template "thanos.bucketweb.fullname" . }}-client: "true" + {{- if .Values.bucketweb.networkPolicy.ingressNSMatchLabels }} + - namespaceSelector: + matchLabels: + {{- range $key, $value := .Values.bucketweb.networkPolicy.ingressNSMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- if .Values.bucketweb.networkPolicy.ingressNSPodMatchLabels }} + podSelector: + matchLabels: + {{- range $key, $value := .Values.bucketweb.networkPolicy.ingressNSPodMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.bucketweb.networkPolicy.extraIngress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.bucketweb.networkPolicy.extraIngress "context" $ ) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/bucketweb/pdb.yaml b/charts/thanos/templates/bucketweb/pdb.yaml new file mode 100644 index 0000000000..787fb922c6 --- /dev/null +++ b/charts/thanos/templates/bucketweb/pdb.yaml @@ -0,0 +1,28 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.bucketweb.enabled .Values.bucketweb.pdb.create }} +apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} +kind: PodDisruptionBudget +metadata: + name: {{ include "thanos.bucketweb.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: bucketweb + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.bucketweb.pdb.minAvailable }} + minAvailable: {{ .Values.bucketweb.pdb.minAvailable }} + {{- end }} + {{- if or .Values.bucketweb.pdb.maxUnavailable ( not .Values.bucketweb.pdb.minAvailable ) }} + maxUnavailable: {{ .Values.bucketweb.pdb.maxUnavailable | default 1 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.bucketweb.podLabels .Values.commonLabels ) "context" . ) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: bucketweb +{{- end }} diff --git a/charts/thanos/templates/bucketweb/service.yaml b/charts/thanos/templates/bucketweb/service.yaml new file mode 100644 index 0000000000..7fea298e0a --- /dev/null +++ b/charts/thanos/templates/bucketweb/service.yaml @@ -0,0 +1,55 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.bucketweb.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "thanos.bucketweb.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.bucketweb.service.labels .Values.commonLabels ) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: bucketweb + {{- include "thanos.servicemonitor.matchLabels" . | nindent 4 -}} + {{- if or .Values.bucketweb.service.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.bucketweb.service.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.bucketweb.service.type }} + {{- if and .Values.bucketweb.service.clusterIP (eq .Values.bucketweb.service.type "ClusterIP") }} + clusterIP: {{ .Values.bucketweb.service.clusterIP }} + {{- end }} + {{- if ne .Values.bucketweb.service.type "ClusterIP" }} + externalTrafficPolicy: {{ .Values.bucketweb.service.externalTrafficPolicy }} + {{- end }} + {{- if and .Values.bucketweb.service.loadBalancerIP (eq .Values.bucketweb.service.type "LoadBalancer") }} + loadBalancerIP: {{ .Values.bucketweb.service.loadBalancerIP }} + {{- end }} + {{- if and (eq .Values.bucketweb.service.type "LoadBalancer") .Values.bucketweb.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml .Values.bucketweb.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + ports: + - port: {{ .Values.bucketweb.service.ports.http }} + targetPort: http + protocol: TCP + name: http + {{- if and (or (eq .Values.bucketweb.service.type "NodePort") (eq .Values.bucketweb.service.type "LoadBalancer")) .Values.bucketweb.service.nodePorts.http }} + nodePort: {{ .Values.bucketweb.service.nodePorts.http }} + {{- else if eq .Values.bucketweb.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.bucketweb.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.bucketweb.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: + {{- if .Values.bucketweb.service.labelSelectorsOverride }} + {{- include "common.tplvalues.render" (dict "value" .Values.bucketweb.service.labelSelectorsOverride "context" $) | nindent 4 }} + {{- else }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.bucketweb.podLabels .Values.commonLabels ) "context" . ) }} + {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: bucketweb + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/bucketweb/serviceaccount.yaml b/charts/thanos/templates/bucketweb/serviceaccount.yaml new file mode 100644 index 0000000000..170c8c68e7 --- /dev/null +++ b/charts/thanos/templates/bucketweb/serviceaccount.yaml @@ -0,0 +1,19 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.bucketweb.enabled .Values.bucketweb.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "thanos.bucketweb.serviceAccountName" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: bucketweb + {{- if or .Values.bucketweb.serviceAccount.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.bucketweb.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.bucketweb.serviceAccount.automountServiceAccountToken }} +{{- end }} diff --git a/charts/thanos/templates/bucketweb/servicemonitor.yaml b/charts/thanos/templates/bucketweb/servicemonitor.yaml new file mode 100644 index 0000000000..059d8b9214 --- /dev/null +++ b/charts/thanos/templates/bucketweb/servicemonitor.yaml @@ -0,0 +1,49 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.bucketweb.enabled .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "thanos.bucketweb.fullname" . }} + namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: bucketweb + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.metrics.serviceMonitor.jobLabel }} + jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }} + {{- end }} + endpoints: + - port: http + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: {{ toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 8 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.relabelings }} + relabelings: {{ toYaml .Values.metrics.serviceMonitor.relabelings | nindent 8 }} + {{- end }} + {{- if .Values.https.enabled }} + scheme: https + {{- end }} + {{- if .Values.metrics.serviceMonitor.extraParameters }} + {{- toYaml .Values.metrics.serviceMonitor.extraParameters | nindent 6 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace | quote }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: bucketweb + {{- include "thanos.servicemonitor.selector" . | nindent 6 -}} +{{- end }} diff --git a/charts/thanos/templates/bucketweb/tls-secrets.yaml b/charts/thanos/templates/bucketweb/tls-secrets.yaml new file mode 100644 index 0000000000..e78633cf33 --- /dev/null +++ b/charts/thanos/templates/bucketweb/tls-secrets.yaml @@ -0,0 +1,46 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.bucketweb.ingress.enabled }} +{{- if .Values.bucketweb.ingress.secrets }} +{{- range .Values.bucketweb.ingress.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" $ }}-bucketweb + namespace: {{ include "common.names.namespace" $ }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: bucketweb + {{- if $.Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ .certificate | b64enc }} + tls.key: {{ .key | b64enc }} +--- +{{- end }} +{{- end }} +{{- if and .Values.bucketweb.ingress.tls .Values.bucketweb.ingress.selfSigned }} +{{- $secretName := printf "%s-tls" .Values.bucketweb.ingress.hostname }} +{{- $ca := genCA "thanos-bucketweb-ca" 365 }} +{{- $cert := genSignedCert .Values.bucketweb.ingress.hostname nil (list .Values.bucketweb.ingress.hostname) 365 $ca }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: bucketweb + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} +{{- end }} +{{- end }} diff --git a/charts/thanos/templates/compactor/_pod-template.tpl b/charts/thanos/templates/compactor/_pod-template.tpl new file mode 100644 index 0000000000..dacbe0b647 --- /dev/null +++ b/charts/thanos/templates/compactor/_pod-template.tpl @@ -0,0 +1,263 @@ +{{/* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Compactor pod template. Shared between Cronjob and deployment +*/}} +{{- define "thanos.compactor.podTemplate" -}} +metadata: + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.compactor.podLabels .Values.commonLabels ) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: compactor + {{- if or .Values.compactor.podAnnotations (include "thanos.createObjstoreSecret" .) }} + annotations: + {{- if (include "thanos.createObjstoreSecret" .) }} + checksum/objstore-configuration: {{ include "thanos.objstoreConfig" . | sha256sum }} + {{- end }} + {{- if .Values.compactor.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.compactor.podAnnotations "context" $) | nindent 4 }} + {{- end }} + {{- end }} +spec: + {{- include "thanos.imagePullSecrets" . | nindent 2 }} + serviceAccountName: {{ include "thanos.compactor.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.compactor.automountServiceAccountToken }} + {{- if .Values.compactor.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.compactor.hostAliases "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.compactor.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.compactor.affinity "context" $) | nindent 4 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.compactor.podAffinityPreset "component" "compactor" "customLabels" $podLabels "context" $) | nindent 6 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.compactor.podAntiAffinityPreset "component" "compactor" "customLabels" $podLabels "context" $) | nindent 6 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.compactor.nodeAffinityPreset.type "key" .Values.compactor.nodeAffinityPreset.key "values" .Values.compactor.nodeAffinityPreset.values) | nindent 6 }} + {{- end }} + {{- if .Values.compactor.dnsConfig }} + dnsConfig: {{- include "common.tplvalues.render" (dict "value" .Values.compactor.dnsConfig "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.compactor.dnsPolicy }} + dnsPolicy: {{ .Values.compactor.dnsPolicy | quote }} + {{- end }} + {{- if .Values.compactor.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.compactor.nodeSelector "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.compactor.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.compactor.tolerations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.compactor.priorityClassName }} + priorityClassName: {{ .Values.compactor.priorityClassName | quote }} + {{- end }} + {{- if .Values.compactor.schedulerName }} + schedulerName: {{ .Values.compactor.schedulerName }} + {{- end }} + {{- if .Values.compactor.podSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.compactor.podSecurityContext "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.compactor.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.compactor.topologySpreadConstraints "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.compactor.restartPolicy }} + restartPolicy: {{ .Values.compactor.restartPolicy }} + {{- else if .Values.compactor.cronJob.enabled }} + restartPolicy: Never + {{- end }} + {{- if or .Values.compactor.initContainers (and .Values.volumePermissions.enabled .Values.compactor.persistence.enabled) }} + initContainers: + {{- if and .Values.volumePermissions.enabled .Values.compactor.persistence.enabled }} + - name: init-chmod-data + image: {{ include "thanos.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - sh + - -c + - | + mkdir -p /data + chown -R "{{ .Values.compactor.containerSecurityContext.runAsUser }}:{{ .Values.compactor.podSecurityContext.fsGroup }}" /data + securityContext: + runAsUser: 0 + volumeMounts: + - name: data + mountPath: /data + {{- end }} + {{- if .Values.compactor.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.compactor.initContainers "context" $) | nindent 4 }} + {{- end }} + {{- end }} + containers: + {{- if .Values.compactor.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.compactor.sidecars "context" $) | nindent 4 }} + {{- end }} + - name: compactor + image: {{ include "thanos.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.compactor.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.compactor.containerSecurityContext "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.compactor.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.compactor.command "context" $) | nindent 8 }} + {{- end }} + args: + {{- if .Values.compactor.args }} + {{- include "common.tplvalues.render" (dict "value" .Values.compactor.args "context" $) | nindent 8 }} + {{- else }} + - compact + - --log.level={{ .Values.compactor.logLevel }} + - --log.format={{ .Values.compactor.logFormat }} + - --http-address=0.0.0.0:{{ .Values.compactor.containerPorts.http }} + - --data-dir=/data + - --retention.resolution-raw={{ .Values.compactor.retentionResolutionRaw }} + - --retention.resolution-5m={{ .Values.compactor.retentionResolution5m }} + - --retention.resolution-1h={{ .Values.compactor.retentionResolution1h }} + - --consistency-delay={{ .Values.compactor.consistencyDelay }} + - --objstore.config-file=/conf/objstore.yml + {{- if (include "thanos.httpConfigEnabled" .) }} + - --http.config=/conf/http/http-config.yml + {{- end }} + {{- if .Values.compactor.extraFlags }} + {{- .Values.compactor.extraFlags | toYaml | nindent 8 }} + {{- end }} + {{- if not .Values.compactor.cronJob.enabled }} + - --wait + {{- end }} + {{- end }} + {{- if .Values.compactor.extraEnvVars }} + env: {{- include "common.tplvalues.render" (dict "value" .Values.compactor.extraEnvVars "context" $) | nindent 8 }} + {{- end }} + {{- if or .Values.compactor.extraEnvVarsCM .Values.compactor.extraEnvVarsSecret }} + envFrom: + {{- if .Values.compactor.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.compactor.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.compactor.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.compactor.extraEnvVarsSecret "context" $) }} + {{- end }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.compactor.containerPorts.http }} + protocol: TCP + {{- if .Values.compactor.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.compactor.customLivenessProbe "context" $) | nindent 8 }} + {{- else if .Values.compactor.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.compactor.livenessProbe "enabled") "context" $) | nindent 8 }} + {{- if not .Values.auth.basicAuthUsers }} + httpGet: + path: /-/healthy + port: http + scheme: {{ ternary "HTTPS" "HTTP" .Values.https.enabled }} + {{- else }} + tcpSocket: + port: http + {{- end }} + {{- end }} + {{- if .Values.compactor.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.compactor.customReadinessProbe "context" $) | nindent 8 }} + {{- else if .Values.compactor.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.compactor.readinessProbe "enabled") "context" $) | nindent 8 }} + {{- if not .Values.auth.basicAuthUsers }} + httpGet: + path: /-/ready + port: http + scheme: {{ ternary "HTTPS" "HTTP" .Values.https.enabled }} + {{- else }} + tcpSocket: + port: http + {{- end }} + {{- end }} + {{- if .Values.compactor.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.compactor.customStartupProbe "context" $) | nindent 8 }} + {{- else if .Values.compactor.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.compactor.startupProbe "enabled") "context" $) | nindent 8 }} + {{- if not .Values.auth.basicAuthUsers }} + httpGet: + path: /-/ready + port: http + scheme: {{ ternary "HTTPS" "HTTP" .Values.https.enabled }} + {{- else }} + tcpSocket: + port: http + {{- end }} + {{- end }} + {{- if .Values.compactor.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.compactor.lifecycleHooks "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.compactor.resources }} + resources: {{- toYaml .Values.compactor.resources | nindent 8 }} + {{- else if ne .Values.compactor.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.compactor.resourcesPreset) | nindent 8 }} + {{- end }} + volumeMounts: + - name: objstore-config + mountPath: /conf + {{- if (include "thanos.httpConfigEnabled" .) }} + - name: http-config + mountPath: /conf/http + {{- if .Values.https.enabled }} + - name: http-certs + mountPath: /certs + {{- end }} + {{- end }} + - name: data + mountPath: /data + {{- if .Values.compactor.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.compactor.extraVolumeMounts "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: objstore-config + secret: + secretName: {{ include "thanos.objstoreSecretName" . }} + {{- if .Values.existingObjstoreSecretItems }} + items: {{- toYaml .Values.existingObjstoreSecretItems | nindent 10 }} + {{- end }} + {{- if (include "thanos.httpConfigEnabled" .) }} + - name: http-config + secret: + secretName: {{ include "thanos.httpConfigSecretName" . }} + {{- if .Values.https.enabled }} + - name: http-certs + secret: + secretName: {{ include "thanos.httpCertsSecretName" . }} + {{- end }} + {{- end }} + {{- if or .Values.compactor.persistence.enabled .Values.compactor.persistence.defaultEmptyDir }} + - name: data + {{- if .Values.compactor.persistence.enabled }} + {{- if .Values.compactor.persistence.ephemeral }} + ephemeral: + volumeClaimTemplate: + metadata: + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.compactor.persistence.labels .Values.commonLabels ) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 14 }} + app.kubernetes.io/component: compactor + {{- if or .Values.compactor.persistence.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.compactor.persistence.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 14 }} + {{- end }} + spec: + accessModes: + {{- range .Values.compactor.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + {{- include "common.storage.class" (dict "persistence" .Values.compactor.persistence "global" .Values.global) | nindent 12 }} + resources: + requests: + storage: {{ .Values.compactor.persistence.size | quote }} + {{- else }} + persistentVolumeClaim: + claimName: {{ include "thanos.compactor.pvcName" . }} + {{- end }} + {{- else }} + emptyDir: {} + {{- end }} + {{- end }} + {{- if .Values.compactor.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.compactor.extraVolumes "context" $) | nindent 4 }} + {{- end }} +{{- end -}} diff --git a/charts/thanos/templates/compactor/cronjob.yaml b/charts/thanos/templates/compactor/cronjob.yaml new file mode 100644 index 0000000000..dcd0ec4857 --- /dev/null +++ b/charts/thanos/templates/compactor/cronjob.yaml @@ -0,0 +1,50 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.compactor.enabled .Values.compactor.cronJob.enabled }} +apiVersion: {{ include "common.capabilities.cronjob.apiVersion" . }} +kind: CronJob +metadata: + name: {{ include "thanos.compactor.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: compactor + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + schedule: "{{ .Values.compactor.cronJob.schedule }}" + {{- if .Values.compactor.cronJob.timeZone }} + timeZone: {{ .Values.compactor.cronJob.timeZone }} + {{- end }} + {{- if .Values.compactor.cronJob.startingDeadlineSeconds }} + startingDeadlineSeconds: {{ .Values.compactor.cronJob.startingDeadlineSeconds }} + {{- end }} + {{- if .Values.compactor.cronJob.concurrencyPolicy }} + concurrencyPolicy: {{ .Values.compactor.cronJob.concurrencyPolicy }} + {{- end }} + {{- if .Values.compactor.cronJob.suspend }} + suspend: {{ .Values.compactor.cronJob.suspend }} + {{- end }} + {{- if .Values.compactor.cronJob.successfulJobsHistoryLimit }} + successfulJobsHistoryLimit: {{ .Values.compactor.cronJob.successfulJobsHistoryLimit }} + {{- end }} + {{- if .Values.compactor.cronJob.failedJobsHistoryLimit }} + failedJobsHistoryLimit: {{ .Values.compactor.cronJob.failedJobsHistoryLimit }} + {{- end }} + jobTemplate: + spec: + {{- if .Values.compactor.cronJob.backoffLimit }} + backoffLimit: {{ .Values.compactor.cronJob.backoffLimit }} + {{- end }} + {{- if .Values.compactor.cronJob.activeDeadlineSeconds }} + activeDeadlineSeconds: {{ .Values.compactor.cronJob.activeDeadlineSeconds }} + {{- end }} + {{- if .Values.compactor.cronJob.ttlSecondsAfterFinished }} + ttlSecondsAfterFinished: {{ .Values.compactor.cronJob.ttlSecondsAfterFinished }} + {{- end }} + template: + {{- include "thanos.compactor.podTemplate" . | nindent 8 }} +{{- end }} diff --git a/charts/thanos/templates/compactor/deployment.yaml b/charts/thanos/templates/compactor/deployment.yaml new file mode 100644 index 0000000000..c73ea12d12 --- /dev/null +++ b/charts/thanos/templates/compactor/deployment.yaml @@ -0,0 +1,29 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.compactor.enabled (not .Values.compactor.cronJob.enabled) }} +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ include "thanos.compactor.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: compactor + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: 1 + revisionHistoryLimit: {{ .Values.compactor.revisionHistoryLimit }} + {{- if .Values.compactor.updateStrategy }} + strategy: {{- toYaml .Values.compactor.updateStrategy | nindent 4 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.compactor.podLabels .Values.commonLabels ) "context" . ) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: compactor + template: + {{- include "thanos.compactor.podTemplate" . | nindent 4 }} +{{- end }} diff --git a/charts/thanos/templates/compactor/ingress.yaml b/charts/thanos/templates/compactor/ingress.yaml new file mode 100644 index 0000000000..2d50ff9b84 --- /dev/null +++ b/charts/thanos/templates/compactor/ingress.yaml @@ -0,0 +1,57 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.compactor.enabled .Values.compactor.ingress.enabled -}} +apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} +kind: Ingress +metadata: + name: {{ include "thanos.compactor.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: compactor + {{- if or .Values.compactor.ingress.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.compactor.ingress.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.compactor.ingress.ingressClassName (include "common.ingress.supportsIngressClassname" .) }} + ingressClassName: {{ .Values.compactor.ingress.ingressClassName | quote }} + {{- end }} + rules: + {{- if .Values.compactor.ingress.hostname }} + - host: {{ include "common.tplvalues.render" ( dict "value" .Values.compactor.ingress.hostname "context" $ ) }} + http: + paths: + - path: {{ .Values.compactor.ingress.path }} + {{- if eq "true" (include "common.ingress.supportsPathType" .) }} + pathType: {{ .Values.compactor.ingress.pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (printf "%s-%s" (include "common.names.fullname" .) "compactor") "servicePort" "http" "context" $) | nindent 14 }} + {{- end }} + {{- range .Values.compactor.ingress.extraHosts }} + - host: {{ .name }} + http: + paths: + - path: {{ default "/" .path }} + {{- if eq "true" (include "common.ingress.supportsPathType" $) }} + pathType: {{ default "ImplementationSpecific" .pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (printf "%s-%s" (include "common.names.fullname" $) "compactor") "servicePort" "http" "context" $) | nindent 14 }} + {{- end }} + {{- if .Values.compactor.ingress.extraRules }} + {{- include "common.tplvalues.render" (dict "value" .Values.compactor.ingress.extraRules "context" $) | nindent 4 }} + {{- end }} + {{- if or (and .Values.compactor.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.compactor.ingress.annotations )) .Values.compactor.ingress.selfSigned)) .Values.compactor.ingress.extraTls }} + tls: + {{- if and .Values.compactor.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.compactor.ingress.annotations )) .Values.compactor.ingress.selfSigned) }} + - hosts: + - {{ .Values.compactor.ingress.hostname }} + secretName: {{ printf "%s-tls" .Values.compactor.ingress.hostname }} + {{- end }} + {{- if .Values.compactor.ingress.extraTls }} + {{- include "common.tplvalues.render" (dict "value" .Values.compactor.ingress.extraTls "context" $) | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/compactor/networkpolicy.yaml b/charts/thanos/templates/compactor/networkpolicy.yaml new file mode 100644 index 0000000000..087637e32a --- /dev/null +++ b/charts/thanos/templates/compactor/networkpolicy.yaml @@ -0,0 +1,80 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.compactor.enabled .Values.compactor.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "thanos.compactor.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: compactor + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.compactor.podLabels .Values.commonLabels ) "context" . ) }} + podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: compactor + policyTypes: + - Ingress + - Egress + {{- if .Values.compactor.networkPolicy.allowExternalEgress }} + egress: + - {} + {{- else }} + egress: + # Allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + {{- if .Values.minio.enabled }} + # Communicate with minio + - ports: + - port: {{ .Values.minio.service.ports.api }} + - port: {{ .Values.minio.service.ports.api }} + to: + - podSelector: + matchLabels: + app.kubernetes.io/name: minio + app.kubernetes.io/instance: {{ .Release.Name }} + {{- end }} + {{- if .Values.compactor.networkPolicy.extraEgress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.compactor.networkPolicy.extraEgress "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} + ingress: + - ports: + - port: {{ .Values.compactor.containerPorts.http }} + - port: {{ .Values.compactor.service.ports.http }} + {{- if not .Values.compactor.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + - podSelector: + matchLabels: + {{ template "thanos.compactor.fullname" . }}-client: "true" + {{- if .Values.compactor.networkPolicy.ingressNSMatchLabels }} + - namespaceSelector: + matchLabels: + {{- range $key, $value := .Values.compactor.networkPolicy.ingressNSMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- if .Values.compactor.networkPolicy.ingressNSPodMatchLabels }} + podSelector: + matchLabels: + {{- range $key, $value := .Values.compactor.networkPolicy.ingressNSPodMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.compactor.networkPolicy.extraIngress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.compactor.networkPolicy.extraIngress "context" $ ) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/compactor/pvc.yaml b/charts/thanos/templates/compactor/pvc.yaml new file mode 100644 index 0000000000..9adea2640c --- /dev/null +++ b/charts/thanos/templates/compactor/pvc.yaml @@ -0,0 +1,28 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.compactor.persistence.enabled (not (or .Values.compactor.persistence.existingClaim .Values.compactor.persistence.ephemeral)) .Values.compactor.enabled }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "thanos.compactor.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.compactor.persistence.labels .Values.commonLabels ) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: compactor + {{- if or .Values.compactor.persistence.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.compactor.persistence.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + accessModes: + {{- range .Values.compactor.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.compactor.persistence.size | quote }} + {{- include "common.storage.class" (dict "persistence" .Values.compactor.persistence "global" .Values.global) | nindent 2 }} +{{- end }} diff --git a/charts/thanos/templates/compactor/service.yaml b/charts/thanos/templates/compactor/service.yaml new file mode 100644 index 0000000000..e61aaf1157 --- /dev/null +++ b/charts/thanos/templates/compactor/service.yaml @@ -0,0 +1,55 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.compactor.enabled (not .Values.compactor.cronJob.enabled) }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "thanos.compactor.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.compactor.service.labels .Values.commonLabels ) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: compactor + {{- include "thanos.servicemonitor.matchLabels" . | nindent 4 -}} + {{- if or .Values.compactor.service.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.compactor.service.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.compactor.service.type }} + {{- if and .Values.compactor.service.clusterIP (eq .Values.compactor.service.type "ClusterIP") }} + clusterIP: {{ .Values.compactor.service.clusterIP }} + {{- end }} + {{- if ne .Values.compactor.service.type "ClusterIP" }} + externalTrafficPolicy: {{ .Values.compactor.service.externalTrafficPolicy }} + {{- end }} + {{- if and .Values.compactor.service.loadBalancerIP (eq .Values.compactor.service.type "LoadBalancer") }} + loadBalancerIP: {{ .Values.compactor.service.loadBalancerIP }} + {{- end }} + {{- if and (eq .Values.compactor.service.type "LoadBalancer") .Values.compactor.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml .Values.compactor.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + ports: + - port: {{ .Values.compactor.service.ports.http }} + targetPort: http + protocol: TCP + name: http + {{- if and (or (eq .Values.compactor.service.type "NodePort") (eq .Values.compactor.service.type "LoadBalancer")) .Values.compactor.service.nodePorts.http }} + nodePort: {{ .Values.compactor.service.nodePorts.http }} + {{- else if eq .Values.compactor.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.compactor.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.compactor.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: + {{- if .Values.compactor.service.labelSelectorsOverride }} + {{- include "common.tplvalues.render" (dict "value" .Values.compactor.service.labelSelectorsOverride "context" $) | nindent 4 }} + {{- else }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.compactor.podLabels .Values.commonLabels ) "context" . ) }} + {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: compactor + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/compactor/serviceaccount.yaml b/charts/thanos/templates/compactor/serviceaccount.yaml new file mode 100644 index 0000000000..fa086af74d --- /dev/null +++ b/charts/thanos/templates/compactor/serviceaccount.yaml @@ -0,0 +1,19 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.compactor.enabled .Values.compactor.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "thanos.compactor.serviceAccountName" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: compactor + {{- if or .Values.compactor.serviceAccount.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.compactor.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.compactor.serviceAccount.automountServiceAccountToken }} +{{- end }} diff --git a/charts/thanos/templates/compactor/servicemonitor.yaml b/charts/thanos/templates/compactor/servicemonitor.yaml new file mode 100644 index 0000000000..6c55755dd2 --- /dev/null +++ b/charts/thanos/templates/compactor/servicemonitor.yaml @@ -0,0 +1,49 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.compactor.enabled .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled (not .Values.compactor.cronJob.enabled) }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "thanos.compactor.fullname" . }} + namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: compactor + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.metrics.serviceMonitor.jobLabel }} + jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }} + {{- end }} + endpoints: + - port: http + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: {{ toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 8 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.relabelings }} + relabelings: {{ toYaml .Values.metrics.serviceMonitor.relabelings | nindent 8 }} + {{- end }} + {{- if .Values.https.enabled }} + scheme: https + {{- end }} + {{- if .Values.metrics.serviceMonitor.extraParameters }} + {{- toYaml .Values.metrics.serviceMonitor.extraParameters | nindent 6 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace | quote }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: compactor + {{- include "thanos.servicemonitor.selector" . | nindent 6 -}} +{{- end }} diff --git a/charts/thanos/templates/compactor/tls-secrets.yaml b/charts/thanos/templates/compactor/tls-secrets.yaml new file mode 100644 index 0000000000..064c68762a --- /dev/null +++ b/charts/thanos/templates/compactor/tls-secrets.yaml @@ -0,0 +1,46 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.compactor.ingress.enabled }} +{{- if .Values.compactor.ingress.secrets }} +{{- range .Values.compactor.ingress.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" $ }}-compactor + namespace: {{ include "common.names.namespace" $ }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: compactor + {{- if $.Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ .certificate | b64enc }} + tls.key: {{ .key | b64enc }} +--- +{{- end }} +{{- end }} +{{- if and .Values.compactor.ingress.tls .Values.compactor.ingress.selfSigned }} +{{- $secretName := printf "%s-tls" .Values.compactor.ingress.hostname }} +{{- $ca := genCA "thanos-compactor-ca" 365 }} +{{- $cert := genSignedCert .Values.compactor.ingress.hostname nil (list .Values.compactor.ingress.hostname) 365 $ca }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: compactor + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} +{{- end }} +{{- end }} diff --git a/charts/thanos/templates/extra-list.yaml b/charts/thanos/templates/extra-list.yaml new file mode 100644 index 0000000000..329f5c653a --- /dev/null +++ b/charts/thanos/templates/extra-list.yaml @@ -0,0 +1,9 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} diff --git a/charts/thanos/templates/grpc-tls-secrets.yaml b/charts/thanos/templates/grpc-tls-secrets.yaml new file mode 100644 index 0000000000..58a7435998 --- /dev/null +++ b/charts/thanos/templates/grpc-tls-secrets.yaml @@ -0,0 +1,116 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- $releaseNamespace := include "common.names.namespace" . }} +{{- $clusterDomain := .Values.clusterDomain }} +{{- $ca := genCA "thanos-grpc-ca" 365 }} +{{- if and .Values.storegateway.enabled .Values.storegateway.grpc.server.tls.enabled (not .Values.storegateway.grpc.server.tls.existingSecret) }} +{{- $secretName := printf "%s-store-grpc-server" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: storegateway + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + {{- if .Values.storegateway.grpc.server.tls.autoGenerated }} + {{- $hostname := printf "%s-store-grpc-server" (include "common.names.fullname" .) }} + {{- $cert := genSignedCert $hostname nil (list $hostname) 365 $ca }} + tls-cert: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls-cert" "defaultValue" $cert.Cert "context" $) }} + tls-key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls-key" "defaultValue" $cert.Key "context" $) }} + ca-cert: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca-cert" "defaultValue" $ca.Cert "context" $) }} + {{- else }} + tls-cert: {{ required "'storegateway.grpc.server.tls.cert' is required when 'storegateway.grpc.server.tls.enabled=true'" .Values.storegateway.grpc.server.tls.cert | b64enc | quote }} + tls-key: {{ required "'storegateway.grpc.server.tls.key' is required when 'storegateway.grpc.server.tls.enabled=true'" .Values.storegateway.grpc.server.tls.key | b64enc | quote }} + ca-cert: {{ required "'storegateway.grpc.server.tls.ca' is required when 'storegateway.grpc.server.tls.enabled=true'" .Values.storegateway.grpc.server.tls.ca | b64enc | quote }} + {{- end }} +--- +{{- end }} +{{- if and .Values.receive.enabled .Values.receive.grpc.server.tls.enabled (not .Values.receive.grpc.server.tls.existingSecret) }} +{{- $secretName := printf "%s-receive-grpc-server" (include "common.names.fullname" .) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: receive + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + {{- if .Values.receive.grpc.server.tls.autoGenerated }} + {{- $hostname := printf "%s-receive-grpc-server" (include "common.names.fullname" .) }} + {{- $cert := genSignedCert $hostname nil (list $hostname) 365 $ca }} + tls-cert: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls-cert" "defaultValue" $cert.Cert "context" $) }} + tls-key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls-key" "defaultValue" $cert.Key "context" $) }} + ca-cert: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca-cert" "defaultValue" $ca.Cert "context" $) }} + {{- else }} + tls-cert: {{ required "'receive.grpc.server.tls.cert' is required when 'receive.grpc.server.tls.enabled=true'" .Values.receive.grpc.server.tls.cert | b64enc | quote }} + tls-key: {{ required "'receive.grpc.server.tls.key' is required when 'receive.grpc.server.tls.enabled=true'" .Values.receive.grpc.server.tls.key | b64enc | quote }} + ca-cert: {{ required "'receive.grpc.server.tls.ca' is required when 'receive.grpc.server.tls.enabled=true'" .Values.receive.grpc.server.tls.ca | b64enc | quote }} + {{- end }} +--- +{{- end }} +{{- if and .Values.query.enabled .Values.query.grpc.server.tls.enabled (not .Values.query.grpc.server.tls.existingSecret) }} +{{- $secretName := printf "%s-query-grpc-server" (include "common.names.fullname" .) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + {{- if .Values.query.grpc.server.tls.autoGenerated }} + {{- $hostname := printf "%s-query-grpc-server" (include "common.names.fullname" .) }} + {{- $cert := genSignedCert $hostname nil (list $hostname) 365 $ca }} + tls-cert: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls-cert" "defaultValue" $cert.Cert "context" $) }} + tls-key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls-key" "defaultValue" $cert.Key "context" $) }} + ca-cert: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca-cert" "defaultValue" $ca.Cert "context" $) }} + {{- else }} + tls-cert: {{ required "'query.grpc.server.tls.cert' is required when 'query.grpc.server.tls=true'" .Values.query.grpc.server.tls.cert | b64enc | quote }} + tls-key: {{ required "'query.grpc.server.tls.key' is required when 'query.grpc.server.tls=true'" .Values.query.grpc.server.tls.key | b64enc | quote }} + ca-cert: {{ required "'query.grpc.server.tls.ca' is required when 'query.grpc.server.tls=true'" .Values.query.grpc.server.tls.ca | b64enc | quote }} + {{- end }} +--- +{{- end }} +{{- if and .Values.query.enabled .Values.query.grpc.client.tls.enabled (not .Values.query.grpc.client.tls.existingSecret) }} +{{- $secretName := printf "%s-query-grpc-client" (include "common.names.fullname" .) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + {{- if .Values.query.grpc.client.tls.autoGenerated }} + {{- $hostname := printf "%s-query-grpc-client" (include "common.names.fullname" .) }} + {{- $cert := genSignedCert $hostname nil (list $hostname) 365 $ca }} + tls-cert: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls-cert" "defaultValue" $cert.Cert "context" $) }} + tls-key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls-key" "defaultValue" $cert.Key "context" $) }} + ca-cert: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca-cert" "defaultValue" $ca.Cert "context" $) }} + {{- else }} + tls-cert: {{ required "'query.grpc.client.tls.cert' is required when 'query.grpc.client.tls=true'" .Values.query.grpc.client.tls.cert | b64enc | quote }} + tls-key: {{ required "'query.grpc.client.tls.key' is required when 'query.grpc.client.tls=true'" .Values.query.grpc.client.tls.key | b64enc | quote }} + ca-cert: {{ required "'query.grpc.client.tls.ca' is required when 'query.grpc.client.tls=true'" .Values.query.grpc.client.tls.ca | b64enc | quote }} + {{- end }} +--- +{{- end }} diff --git a/charts/thanos/templates/http-certs-secret.yaml b/charts/thanos/templates/http-certs-secret.yaml new file mode 100644 index 0000000000..658e221460 --- /dev/null +++ b/charts/thanos/templates/http-certs-secret.yaml @@ -0,0 +1,35 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.https.enabled (not .Values.https.existingSecret) }} +{{- $secretName := printf "%s-http-certs-secret" (include "common.names.fullname" .) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + {{- if .Values.https.autoGenerated }} + {{- $ca := genCA "thanos-ca" 365 }} + {{- $hostname := printf "%s" (include "common.names.fullname" .) }} + {{- $cert := genSignedCert $hostname nil (list $hostname) 365 $ca }} + {{ .Values.https.certFilename }}: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" .Values.https.certFilename "defaultValue" $cert.Cert "context" $) }} + {{ .Values.https.keyFilename }}: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" .Values.https.keyFilename "defaultValue" $cert.Key "context" $) }} + {{- if .Values.https.clientAuthType }} + {{ .Values.https.caFilename }}: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" .Values.https.caFilename "defaultValue" $ca.Cert "context" $) }} + {{- end }} + {{- else }} + {{ .Values.https.certFilename }}: {{ required "'https.cert' is required when 'https.enabled=true'" .Values.https.cert | b64enc | quote }} + {{ .Values.https.keyFilename }}: {{ required "'https.key' is required when 'https.enabled=true'" .Values.https.key | b64enc | quote }} + {{- if .Values.https.clientAuthType }} + {{ .Values.https.caFilename }}: {{ required "'https.ca' is required when 'https.clientAuthType' is provided" .Values.https.ca | b64enc | quote }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/httpconfig-secret.yaml b/charts/thanos/templates/httpconfig-secret.yaml new file mode 100644 index 0000000000..6c86e009f9 --- /dev/null +++ b/charts/thanos/templates/httpconfig-secret.yaml @@ -0,0 +1,38 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if (include "thanos.createHttpConfigSecret" .) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }}-http-config-secret + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} +stringData: + http-config.yml: |- +{{- if .Values.httpConfig }} + {{- include "common.tplvalues.render" (dict "value" .Values.httpConfig "context" $) | nindent 4 }} +{{- else }} + {{- if .Values.https.enabled }} + tls_server_config: + cert_file: /certs/{{ .Values.https.certFilename }} + key_file: /certs/{{ .Values.https.keyFilename }} + {{- if .Values.https.clientAuthType }} + client_auth_type: {{ .Values.https.clientAuthType }} + # CA certificate for client certificate authentication to the server. + client_ca_file: /certs/{{ .Values.https.caFilename }} + {{- end }} + {{- if .Values.https.extraTlsServerConfig }} + {{- include "common.tplvalues.render" (dict "value" .Values.https.extraTlsServerConfig "context" $) | nindent 6 }} + {{- end }} + {{- end }} + {{- if .Values.auth.basicAuthUsers }} + basic_auth_users: + {{- range $user, $password := .Values.auth.basicAuthUsers }} + {{ $user }}: {{ (split ":" (htpasswd $user $password))._1 }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/thanos/templates/objstore-secret.yaml b/charts/thanos/templates/objstore-secret.yaml new file mode 100644 index 0000000000..fe6abc6a81 --- /dev/null +++ b/charts/thanos/templates/objstore-secret.yaml @@ -0,0 +1,15 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if (include "thanos.createObjstoreSecret" .) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }}-objstore-secret + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} +data: + {{- include "thanos.objstoreConfig" . | nindent 2 }} +{{- end }} diff --git a/charts/thanos/templates/prometheusrule.yaml b/charts/thanos/templates/prometheusrule.yaml new file mode 100644 index 0000000000..f76873655d --- /dev/null +++ b/charts/thanos/templates/prometheusrule.yaml @@ -0,0 +1,21 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled .Values.metrics.prometheusRule.groups }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ default (include "common.names.namespace" .) .Values.metrics.prometheusRule.namespace | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- if .Values.metrics.prometheusRule.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + groups: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.groups "context" $ ) | nindent 2 }} +{{- end }} diff --git a/charts/thanos/templates/query-frontend/configmap.yaml b/charts/thanos/templates/query-frontend/configmap.yaml new file mode 100644 index 0000000000..0cf431865d --- /dev/null +++ b/charts/thanos/templates/query-frontend/configmap.yaml @@ -0,0 +1,19 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if (include "thanos.queryFrontend.createConfigmap" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "thanos.query-frontend.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query-frontend + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + {{- include "thanos.queryFrontendConfigMap" . | nindent 2 }} +{{ end }} diff --git a/charts/thanos/templates/query-frontend/deployment.yaml b/charts/thanos/templates/query-frontend/deployment.yaml new file mode 100644 index 0000000000..495a49beae --- /dev/null +++ b/charts/thanos/templates/query-frontend/deployment.yaml @@ -0,0 +1,219 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.queryFrontend.enabled }} +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ include "thanos.query-frontend.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query-frontend + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if not .Values.queryFrontend.autoscaling.enabled }} + replicas: {{ .Values.queryFrontend.replicaCount }} + {{- end }} + revisionHistoryLimit: {{ .Values.queryFrontend.revisionHistoryLimit }} + {{- if .Values.queryFrontend.updateStrategy }} + strategy: {{- toYaml .Values.queryFrontend.updateStrategy | nindent 4 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.queryFrontend.podLabels .Values.commonLabels ) "context" . ) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: query-frontend + template: + metadata: + labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} + app.kubernetes.io/component: query-frontend + {{- if or .Values.queryFrontend.podAnnotations (include "thanos.queryFrontend.createConfigmap" .) }} + annotations: + {{- if (include "thanos.queryFrontend.createConfigmap" .) }} + checksum/query-frontend-configuration: {{ include "thanos.queryFrontendConfigMap" . | sha256sum }} + {{- end }} + {{- if .Values.queryFrontend.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- end }} + spec: + {{- include "thanos.imagePullSecrets" . | nindent 6 }} + serviceAccountName: {{ include "thanos.query-frontend.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.queryFrontend.automountServiceAccountToken }} + {{- if .Values.queryFrontend.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.queryFrontend.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.queryFrontend.podAffinityPreset "component" "query-frontend" "customLabels" $podLabels "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.queryFrontend.podAntiAffinityPreset "component" "query-frontend" "customLabels" $podLabels "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.queryFrontend.nodeAffinityPreset.type "key" .Values.queryFrontend.nodeAffinityPreset.key "values" .Values.queryFrontend.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.queryFrontend.dnsConfig }} + dnsConfig: {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.dnsConfig "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.queryFrontend.dnsPolicy }} + dnsPolicy: {{ .Values.queryFrontend.dnsPolicy | quote }} + {{- end }} + {{- if .Values.queryFrontend.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.queryFrontend.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.queryFrontend.priorityClassName }} + priorityClassName: {{ .Values.queryFrontend.priorityClassName | quote }} + {{- end }} + {{- if .Values.queryFrontend.schedulerName }} + schedulerName: {{ .Values.queryFrontend.schedulerName }} + {{- end }} + {{- if .Values.queryFrontend.podSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.queryFrontend.podSecurityContext "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.queryFrontend.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.queryFrontend.initContainers }} + initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.initContainers "context" $) | nindent 8 }} + {{- end }} + containers: + {{- if .Values.queryFrontend.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.sidecars "context" $) | nindent 8 }} + {{- end }} + - name: query-frontend + image: {{ include "thanos.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.queryFrontend.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.queryFrontend.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.queryFrontend.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.command "context" $) | nindent 12 }} + {{- end }} + args: + {{- if .Values.queryFrontend.args }} + {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.args "context" $) | nindent 12 }} + {{- else }} + - query-frontend + - --log.level={{ .Values.queryFrontend.logLevel }} + - --log.format={{ .Values.queryFrontend.logFormat }} + - --http-address=0.0.0.0:{{ .Values.queryFrontend.containerPorts.http }} + - --query-frontend.downstream-url={{ ternary "https" "http" .Values.https.enabled }}://{{ include "thanos.query.fullname" . }}:{{ .Values.query.service.ports.http }} + {{- if (include "thanos.httpConfigEnabled" .) }} + - --http.config=/conf/http/http-config.yml + {{- end }} + {{- if or .Values.queryFrontend.config .Values.queryFrontend.existingConfigmap }} + - --query-range.response-cache-config-file=/conf/cache/config.yml + {{- end }} + {{- if .Values.queryFrontend.extraFlags }} + {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.extraFlags "context" $) | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.queryFrontend.extraEnvVars }} + env: {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.queryFrontend.extraEnvVarsCM .Values.queryFrontend.extraEnvVarsSecret }} + envFrom: + {{- if .Values.queryFrontend.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.queryFrontend.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.queryFrontend.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.queryFrontend.extraEnvVarsSecret "context" $) }} + {{- end }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.queryFrontend.containerPorts.http }} + protocol: TCP + {{- if .Values.queryFrontend.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.queryFrontend.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.queryFrontend.livenessProbe "enabled") "context" $) | nindent 12 }} + {{- if not .Values.auth.basicAuthUsers }} + httpGet: + path: /-/healthy + port: http + scheme: {{ ternary "HTTPS" "HTTP" .Values.https.enabled }} + {{- else }} + tcpSocket: + port: http + {{- end }} + {{- end }} + {{- if .Values.queryFrontend.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.queryFrontend.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.queryFrontend.readinessProbe "enabled") "context" $) | nindent 12 }} + {{- if not .Values.auth.basicAuthUsers }} + httpGet: + path: /-/ready + port: http + scheme: {{ ternary "HTTPS" "HTTP" .Values.https.enabled }} + {{- else }} + tcpSocket: + port: http + {{- end }} + {{- end }} + {{- if .Values.queryFrontend.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.queryFrontend.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.queryFrontend.startupProbe "enabled") "context" $) | nindent 12 }} + {{- if not .Values.auth.basicAuthUsers }} + httpGet: + path: /-/ready + port: http + scheme: {{ ternary "HTTPS" "HTTP" .Values.https.enabled }} + {{- else }} + tcpSocket: + port: http + {{- end }} + {{- end }} + {{- if .Values.queryFrontend.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.queryFrontend.resources }} + resources: {{- toYaml .Values.queryFrontend.resources | nindent 12 }} + {{- else if ne .Values.queryFrontend.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.queryFrontend.resourcesPreset) | nindent 12 }} + {{- end }} + volumeMounts: + {{- if or .Values.queryFrontend.config .Values.queryFrontend.existingConfigmap }} + - name: cache-config + mountPath: /conf/cache + {{- end }} + {{- if (include "thanos.httpConfigEnabled" .) }} + - name: http-config + mountPath: /conf/http + {{- if .Values.https.enabled }} + - name: http-certs + mountPath: /certs + {{- end }} + {{- end }} + {{- if .Values.queryFrontend.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + volumes: + {{- if (include "thanos.httpConfigEnabled" .) }} + - name: http-config + secret: + secretName: {{ include "thanos.httpConfigSecretName" . }} + {{- if .Values.https.enabled }} + - name: http-certs + secret: + secretName: {{ include "thanos.httpCertsSecretName" . }} + {{- end }} + {{- end }} + {{- if or .Values.queryFrontend.config .Values.queryFrontend.existingConfigmap }} + - name: cache-config + configMap: + name: {{ include "thanos.queryFrontend.configmapName" . }} + {{- end }} + {{- if .Values.queryFrontend.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.extraVolumes "context" $) | nindent 8 }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/query-frontend/hpa.yaml b/charts/thanos/templates/query-frontend/hpa.yaml new file mode 100644 index 0000000000..dcb0b51063 --- /dev/null +++ b/charts/thanos/templates/query-frontend/hpa.yaml @@ -0,0 +1,49 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.queryFrontend.enabled .Values.queryFrontend.autoscaling.enabled }} +apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "thanos.query-frontend.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query-frontend + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + scaleTargetRef: + apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} + kind: Deployment + name: {{ include "thanos.query-frontend.fullname" . }} + minReplicas: {{ .Values.queryFrontend.autoscaling.minReplicas }} + maxReplicas: {{ .Values.queryFrontend.autoscaling.maxReplicas }} + metrics: + {{- if .Values.queryFrontend.autoscaling.targetMemory }} + - type: Resource + resource: + name: memory + {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} + targetAverageUtilization: {{ .Values.queryFrontend.autoscaling.targetMemory }} + {{- else }} + target: + type: Utilization + averageUtilization: {{ .Values.queryFrontend.autoscaling.targetMemory }} + {{- end }} + {{- end }} + {{- if .Values.queryFrontend.autoscaling.targetCPU }} + - type: Resource + resource: + name: cpu + {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} + targetAverageUtilization: {{ .Values.queryFrontend.autoscaling.targetCPU }} + {{- else }} + target: + type: Utilization + averageUtilization: {{ .Values.queryFrontend.autoscaling.targetCPU }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/query-frontend/ingress.yaml b/charts/thanos/templates/query-frontend/ingress.yaml new file mode 100644 index 0000000000..67e970b37e --- /dev/null +++ b/charts/thanos/templates/query-frontend/ingress.yaml @@ -0,0 +1,57 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.queryFrontend.enabled .Values.queryFrontend.ingress.enabled -}} +apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} +kind: Ingress +metadata: + name: {{ include "thanos.query-frontend.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query-frontend + {{- if or .Values.queryFrontend.ingress.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.queryFrontend.ingress.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.queryFrontend.ingress.ingressClassName (include "common.ingress.supportsIngressClassname" .) }} + ingressClassName: {{ .Values.queryFrontend.ingress.ingressClassName | quote }} + {{- end }} + rules: + {{- if .Values.queryFrontend.ingress.hostname }} + - host: {{ include "common.tplvalues.render" ( dict "value" .Values.queryFrontend.ingress.hostname "context" $ ) }} + http: + paths: + - path: {{ .Values.queryFrontend.ingress.path }} + {{- if eq "true" (include "common.ingress.supportsPathType" .) }} + pathType: {{ .Values.queryFrontend.ingress.pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (printf "%s-%s" (include "common.names.fullname" .) "query-frontend") "servicePort" "http" "context" $) | nindent 14 }} + {{- end }} + {{- range .Values.queryFrontend.ingress.extraHosts }} + - host: {{ .name }} + http: + paths: + - path: {{ default "/" .path }} + {{- if eq "true" (include "common.ingress.supportsPathType" $) }} + pathType: {{ default "ImplementationSpecific" .pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (printf "%s-%s" (include "common.names.fullname" $) "query-frontend") "servicePort" "http" "context" $) | nindent 14 }} + {{- end }} + {{- if .Values.queryFrontend.ingress.extraRules }} + {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.ingress.extraRules "context" $) | nindent 4 }} + {{- end }} + {{- if or (and .Values.queryFrontend.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.queryFrontend.ingress.annotations )) .Values.queryFrontend.ingress.selfSigned)) .Values.queryFrontend.ingress.extraTls }} + tls: + {{- if and .Values.queryFrontend.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.queryFrontend.ingress.annotations )) .Values.queryFrontend.ingress.selfSigned) }} + - hosts: + - {{ .Values.queryFrontend.ingress.hostname }} + secretName: {{ printf "%s-query-frontend" (include "common.names.fullname" .) }} + {{- end }} + {{- if .Values.queryFrontend.ingress.extraTls }} + {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.ingress.extraTls "context" $) | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/query-frontend/networkpolicy.yaml b/charts/thanos/templates/query-frontend/networkpolicy.yaml new file mode 100644 index 0000000000..567c7d40a7 --- /dev/null +++ b/charts/thanos/templates/query-frontend/networkpolicy.yaml @@ -0,0 +1,92 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.queryFrontend.enabled .Values.queryFrontend.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "thanos.query-frontend.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query-frontend + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.queryFrontend.podLabels .Values.commonLabels ) "context" . ) }} + podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: query-frontend + policyTypes: + - Ingress + - Egress + {{- if .Values.queryFrontend.networkPolicy.allowExternalEgress }} + egress: + - {} + {{- else }} + egress: + # Allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + {{- if .Values.minio.enabled }} + # Communicate with minio + - ports: + - port: {{ .Values.minio.service.ports.api }} + - port: {{ .Values.minio.service.ports.api }} + to: + - podSelector: + matchLabels: + app.kubernetes.io/name: minio + app.kubernetes.io/instance: {{ .Release.Name }} + {{- end }} + {{- if .Values.query.enabled }} + # Communicate with query + - ports: + - port: {{ .Values.query.service.ports.http }} + - port: {{ .Values.query.containerPorts.http }} + - port: {{ .Values.query.serviceGrpc.ports.grpc }} + - port: {{ .Values.query.containerPorts.grpc }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} + app.kubernetes.io/component: query + {{- end }} + {{- if .Values.queryFrontend.networkPolicy.extraEgress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.queryFrontend.networkPolicy.extraEgress "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} + ingress: + - ports: + - port: {{ .Values.queryFrontend.containerPorts.http }} + - port: {{ .Values.queryFrontend.service.ports.http }} + {{- if not .Values.queryFrontend.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + - podSelector: + matchLabels: + {{ template "thanos.query.fullname" . }}-client: "true" + {{- if .Values.queryFrontend.networkPolicy.ingressNSMatchLabels }} + - namespaceSelector: + matchLabels: + {{- range $key, $value := .Values.queryFrontend.networkPolicy.ingressNSMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- if .Values.queryFrontend.networkPolicy.ingressNSPodMatchLabels }} + podSelector: + matchLabels: + {{- range $key, $value := .Values.queryFrontend.networkPolicy.ingressNSPodMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.queryFrontend.networkPolicy.extraIngress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.queryFrontend.networkPolicy.extraIngress "context" $ ) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/query-frontend/pdb.yaml b/charts/thanos/templates/query-frontend/pdb.yaml new file mode 100644 index 0000000000..764fec3118 --- /dev/null +++ b/charts/thanos/templates/query-frontend/pdb.yaml @@ -0,0 +1,28 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.queryFrontend.enabled .Values.queryFrontend.pdb.create }} +apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} +kind: PodDisruptionBudget +metadata: + name: {{ include "thanos.query-frontend.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query-frontend + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.queryFrontend.pdb.minAvailable }} + minAvailable: {{ .Values.queryFrontend.pdb.minAvailable }} + {{- end }} + {{- if or .Values.queryFrontend.pdb.maxUnavailable ( not .Values.queryFrontend.pdb.minAvailable ) }} + maxUnavailable: {{ .Values.queryFrontend.pdb.maxUnavailable | default 1 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.queryFrontend.podLabels .Values.commonLabels ) "context" . ) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: query-frontend +{{- end }} diff --git a/charts/thanos/templates/query-frontend/psp-clusterrole.yaml b/charts/thanos/templates/query-frontend/psp-clusterrole.yaml new file mode 100644 index 0000000000..8ccf71661c --- /dev/null +++ b/charts/thanos/templates/query-frontend/psp-clusterrole.yaml @@ -0,0 +1,25 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and (include "common.capabilities.psp.supported" .) .Values.queryFrontend.enabled .Values.queryFrontend.pspEnabled .Values.queryFrontend.rbac.create }} +apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} +kind: ClusterRole +metadata: + name: {{ include "thanos.query-frontend.fullname" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query-frontend + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +rules: + - apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ include "thanos.query-frontend.fullname" . }} + {{- if .Values.queryFrontend.rbac.rules }} + {{- include "common.tplvalues.render" ( dict "value" .Values.queryFrontend.rbac.rules "context" $ ) | nindent 2 }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/query-frontend/psp-clusterrolebinding.yaml b/charts/thanos/templates/query-frontend/psp-clusterrolebinding.yaml new file mode 100644 index 0000000000..141615902e --- /dev/null +++ b/charts/thanos/templates/query-frontend/psp-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and (include "common.capabilities.psp.supported" .) .Values.queryFrontend.enabled .Values.queryFrontend.pspEnabled .Values.queryFrontend.rbac.create }} +apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} +kind: ClusterRoleBinding +metadata: + name: {{ include "thanos.query-frontend.fullname" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query-frontend + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +roleRef: + kind: ClusterRole + name: {{ include "thanos.query-frontend.fullname" . }} + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ include "thanos.query-frontend.serviceAccountName" . }} + namespace: {{ include "common.names.namespace" . }} +{{- end }} diff --git a/charts/thanos/templates/query-frontend/psp.yaml b/charts/thanos/templates/query-frontend/psp.yaml new file mode 100644 index 0000000000..7f841d94fc --- /dev/null +++ b/charts/thanos/templates/query-frontend/psp.yaml @@ -0,0 +1,31 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and (include "common.capabilities.psp.supported" .) .Values.queryFrontend.enabled .Values.queryFrontend.pspEnabled .Values.queryFrontend.rbac.create -}} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "thanos.query-frontend.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query-frontend + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + fsGroup: + rule: RunAsAny + runAsUser: + ranges: + - max: 1001 + min: 1001 + rule: MustRunAs + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - secret +{{- end -}} diff --git a/charts/thanos/templates/query-frontend/service.yaml b/charts/thanos/templates/query-frontend/service.yaml new file mode 100644 index 0000000000..7d6d0df8ef --- /dev/null +++ b/charts/thanos/templates/query-frontend/service.yaml @@ -0,0 +1,55 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.queryFrontend.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "thanos.query-frontend.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.queryFrontend.service.labels .Values.commonLabels ) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query-frontend + {{- include "thanos.servicemonitor.matchLabels" . | nindent 4 -}} + {{- if or .Values.queryFrontend.service.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.queryFrontend.service.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.queryFrontend.service.type }} + {{- if and .Values.queryFrontend.service.clusterIP (eq .Values.queryFrontend.service.type "ClusterIP") }} + clusterIP: {{ .Values.queryFrontend.service.clusterIP }} + {{- end }} + {{- if ne .Values.queryFrontend.service.type "ClusterIP" }} + externalTrafficPolicy: {{ .Values.queryFrontend.service.externalTrafficPolicy }} + {{- end }} + {{- if and .Values.queryFrontend.service.loadBalancerIP (eq .Values.queryFrontend.service.type "LoadBalancer") }} + loadBalancerIP: {{ .Values.queryFrontend.service.loadBalancerIP }} + {{- end }} + {{- if and (eq .Values.queryFrontend.service.type "LoadBalancer") .Values.queryFrontend.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml .Values.queryFrontend.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + ports: + - port: {{ .Values.queryFrontend.service.ports.http }} + targetPort: http + protocol: TCP + name: http + {{- if and (or (eq .Values.queryFrontend.service.type "NodePort") (eq .Values.queryFrontend.service.type "LoadBalancer")) .Values.queryFrontend.service.nodePorts.http }} + nodePort: {{ .Values.queryFrontend.service.nodePorts.http }} + {{- else if eq .Values.queryFrontend.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.queryFrontend.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: + {{- if .Values.queryFrontend.service.labelSelectorsOverride }} + {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.service.labelSelectorsOverride "context" $) | nindent 4 }} + {{- else }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.queryFrontend.podLabels .Values.commonLabels ) "context" . ) }} + {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query-frontend + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/query-frontend/serviceaccount.yaml b/charts/thanos/templates/query-frontend/serviceaccount.yaml new file mode 100644 index 0000000000..cdd1a341c6 --- /dev/null +++ b/charts/thanos/templates/query-frontend/serviceaccount.yaml @@ -0,0 +1,19 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.queryFrontend.enabled .Values.queryFrontend.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "thanos.query-frontend.serviceAccountName" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query-frontend + {{- if or .Values.queryFrontend.serviceAccount.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.queryFrontend.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.queryFrontend.serviceAccount.automountServiceAccountToken }} +{{- end }} diff --git a/charts/thanos/templates/query-frontend/servicemonitor.yaml b/charts/thanos/templates/query-frontend/servicemonitor.yaml new file mode 100644 index 0000000000..64d49179ab --- /dev/null +++ b/charts/thanos/templates/query-frontend/servicemonitor.yaml @@ -0,0 +1,49 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.queryFrontend.enabled .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "thanos.query-frontend.fullname" . }} + namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query-frontend + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.metrics.serviceMonitor.jobLabel }} + jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }} + {{- end }} + endpoints: + - port: http + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: {{ toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 8 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.relabelings }} + relabelings: {{ toYaml .Values.metrics.serviceMonitor.relabelings | nindent 8 }} + {{- end }} + {{- if .Values.https.enabled }} + scheme: https + {{- end }} + {{- if .Values.metrics.serviceMonitor.extraParameters }} + {{- toYaml .Values.metrics.serviceMonitor.extraParameters | nindent 6 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace | quote }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: query-frontend + {{- include "thanos.servicemonitor.selector" . | nindent 6 -}} +{{- end }} diff --git a/charts/thanos/templates/query-frontend/tls-secrets.yaml b/charts/thanos/templates/query-frontend/tls-secrets.yaml new file mode 100644 index 0000000000..05559e7e2f --- /dev/null +++ b/charts/thanos/templates/query-frontend/tls-secrets.yaml @@ -0,0 +1,46 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.queryFrontend.ingress.enabled }} +{{- if .Values.queryFrontend.ingress.secrets }} +{{- range .Values.queryFrontend.ingress.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" $ }}-query-frontend + namespace: {{ include "common.names.namespace" $ }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query-frontend + {{- if $.Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ .certificate | b64enc }} + tls.key: {{ .key | b64enc }} +--- +{{- end }} +{{- end }} +{{- if and .Values.queryFrontend.ingress.tls .Values.queryFrontend.ingress.selfSigned }} +{{- $secretName := printf "%s-tls" .Values.queryFrontend.ingress.hostname }} +{{- $ca := genCA "thanos-queryFrontend-ca" 365 }} +{{- $cert := genSignedCert .Values.queryFrontend.ingress.hostname nil (list .Values.queryFrontend.ingress.hostname) 365 $ca }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query-frontend + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} +{{- end }} +{{- end }} diff --git a/charts/thanos/templates/query/deployment.yaml b/charts/thanos/templates/query/deployment.yaml new file mode 100644 index 0000000000..ccec7d58bb --- /dev/null +++ b/charts/thanos/templates/query/deployment.yaml @@ -0,0 +1,301 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.query.enabled }} +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ include "thanos.query.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if not .Values.query.autoscaling.enabled }} + replicas: {{ .Values.query.replicaCount }} + {{- end }} + revisionHistoryLimit: {{ .Values.query.revisionHistoryLimit }} + {{- if .Values.query.updateStrategy }} + strategy: {{- toYaml .Values.query.updateStrategy | nindent 4 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.query.podLabels .Values.commonLabels ) "context" . ) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: query + template: + metadata: + labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} + app.kubernetes.io/component: query + {{- if or .Values.query.podAnnotations (include "thanos.query.createSDConfigmap" .) }} + annotations: + {{- if (include "thanos.query.createSDConfigmap" .) }} + checksum/query-sd-configuration: {{ include "thanos.querySDConfigMap" . | sha256sum }} + {{- end }} + {{- if .Values.query.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.query.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- end }} + spec: + {{- include "thanos.imagePullSecrets" . | nindent 6 }} + serviceAccountName: {{ include "thanos.query.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.query.automountServiceAccountToken }} + {{- if .Values.query.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.query.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.query.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.query.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.query.podAffinityPreset "component" "query" "customLabels" $podLabels "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.query.podAntiAffinityPreset "component" "query" "topologyKey" .Values.query.podAntiAffinityPresetTopologyKey "customLabels" $podLabels "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.query.nodeAffinityPreset.type "key" .Values.query.nodeAffinityPreset.key "values" .Values.query.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.query.dnsConfig }} + dnsConfig: {{- include "common.tplvalues.render" (dict "value" .Values.query.dnsConfig "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.query.dnsPolicy }} + dnsPolicy: {{ .Values.query.dnsPolicy | quote }} + {{- end }} + {{- if .Values.query.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.query.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.query.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.query.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.query.priorityClassName }} + priorityClassName: {{ .Values.query.priorityClassName | quote }} + {{- end }} + {{- if .Values.query.schedulerName }} + schedulerName: {{ .Values.query.schedulerName }} + {{- end }} + {{- if .Values.query.podSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.query.podSecurityContext "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.query.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.query.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.query.initContainers }} + initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.query.initContainers "context" $) | nindent 8 }} + {{- end }} + containers: + {{- if .Values.query.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.query.sidecars "context" $) | nindent 8 }} + {{- end }} + - name: query + image: {{ include "thanos.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.query.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.query.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.query.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.query.command "context" $) | nindent 12 }} + {{- end }} + args: + {{- if .Values.query.args }} + {{- include "common.tplvalues.render" (dict "value" .Values.query.args "context" $) | nindent 12 }} + {{- else }} + - query + - --log.level={{ .Values.query.logLevel }} + - --log.format={{ .Values.query.logFormat }} + - --grpc-address=0.0.0.0:10901 + - --http-address=0.0.0.0:10902 + {{- if (include "thanos.httpConfigEnabled" .) }} + - --http.config=/conf/http/http-config.yml + {{- end }} + {{- if kindIs "string" .Values.query.replicaLabel }} + - --query.replica-label={{ .Values.query.replicaLabel }} + {{- else }} + {{- range .Values.query.replicaLabel }} + - --query.replica-label={{ . }} + {{- end }} + {{- end }} + {{- if or (include "thanos.query.createSDConfigmap" .) .Values.query.existingSDConfigmap }} + - --store.sd-files=/conf/sd/servicediscovery.yml + {{- end }} + {{- if and .Values.query.dnsDiscovery.enabled .Values.query.dnsDiscovery.sidecarsService .Values.query.dnsDiscovery.sidecarsNamespace }} + - --endpoint=dnssrv+_grpc._tcp.{{- include "common.tplvalues.render" ( dict "value" .Values.query.dnsDiscovery.sidecarsService "context" $) -}}.{{- include "common.tplvalues.render" ( dict "value" .Values.query.dnsDiscovery.sidecarsNamespace "context" $) -}}.svc.{{ .Values.clusterDomain }} + {{- end }} + {{- if and .Values.storegateway.enabled .Values.storegateway.sharded.enabled }} + {{- $shards := int 0 }} + {{- if .Values.storegateway.sharded.hashPartitioning.shards }} + {{- $shards = int .Values.storegateway.sharded.hashPartitioning.shards }} + {{- else }} + {{- $shards = len .Values.storegateway.sharded.timePartitioning }} + {{- end }} + {{- range $index, $_ := until $shards }} + {{- if $.Values.storegateway.useEndpointGroup }} + - --endpoint-group={{ include "common.names.fullname" $ }}-storegateway-{{ toString $index }}.{{ $.Release.Namespace }}.svc.{{ $.Values.clusterDomain }}:{{ $.Values.storegateway.service.ports.grpc }} + {{- else }} + - --endpoint=dnssrv+_grpc._tcp.{{ include "common.names.fullname" $ }}-storegateway-{{ toString $index }}.{{ $.Release.Namespace }}.svc.{{ $.Values.clusterDomain }} + {{- end }} + {{- end }} + {{- end }} + {{- if and .Values.storegateway.enabled .Values.query.dnsDiscovery.enabled (not .Values.storegateway.sharded.enabled ) }} + {{- if .Values.storegateway.useEndpointGroup }} + - --endpoint-group={{ include "thanos.storegateway.fullname" . }}{{ if .Values.storegateway.service.additionalHeadless }}-headless{{ end }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:{{ .Values.storegateway.service.ports.grpc }} + {{- else }} + - --endpoint=dnssrv+_grpc._tcp.{{ include "thanos.storegateway.fullname" . }}{{ if .Values.storegateway.service.additionalHeadless }}-headless{{ end }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + {{- end }} + {{- end }} + {{- if and .Values.ruler.enabled .Values.query.dnsDiscovery.enabled }} + - --endpoint=dnssrv+_grpc._tcp.{{ include "thanos.ruler.fullname" . }}{{ if .Values.ruler.service.additionalHeadless }}-headless{{ end }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + {{- end }} + {{- if and .Values.receive.enabled .Values.query.dnsDiscovery.enabled }} + - --endpoint=dnssrv+_grpc._tcp.{{ include "thanos.receive.fullname" . }}{{ if .Values.receive.service.additionalHeadless }}-headless{{ end }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + {{- end }} + {{- range .Values.query.stores }} + - --endpoint={{ . }} + {{- end }} + {{- if .Values.query.grpc.server.tls.enabled }} + - --grpc-server-tls-cert=/certs/server/{{ include "common.secrets.key" (dict "existingSecret" .Values.query.grpc.server.tls.existingSecret "key" "tls-cert") }} + - --grpc-server-tls-key=/certs/server/{{ include "common.secrets.key" (dict "existingSecret" .Values.query.grpc.server.tls.existingSecret "key" "tls-key") }} + {{- if .Values.query.grpc.server.tls.clientAuthEnabled }} + - --grpc-server-tls-client-ca=/certs/server/{{ include "common.secrets.key" (dict "existingSecret" .Values.query.grpc.server.tls.existingSecret "key" "ca-cert") }} + {{- end }} + {{- end }} + {{- if .Values.query.grpc.client.tls.enabled }} + - --grpc-client-tls-secure + - --grpc-client-tls-cert=/certs/client/{{ include "common.secrets.key" (dict "existingSecret" .Values.query.grpc.client.tls.existingSecret "key" "tls-cert") }} + - --grpc-client-tls-key=/certs/client/{{ include "common.secrets.key" (dict "existingSecret" .Values.query.grpc.client.tls.existingSecret "key" "tls-key") }} + - --grpc-client-tls-ca=/certs/client/{{ include "common.secrets.key" (dict "existingSecret" .Values.query.grpc.client.tls.existingSecret "key" "ca-cert") }} + {{- if .Values.query.grpc.client.tls.autoGenerated }} + - --grpc-client-tls-skip-verify + {{- end }} + {{- end }} + {{- if .Values.query.grpc.client.serverName }} + - --grpc-client-server-name={{ .Values.query.grpc.client.serverName }} + {{- end }} + - --alert.query-url={{- template "thanos.ruler.queryURL" .}} + {{- if .Values.query.extraFlags }} + {{- include "common.tplvalues.render" (dict "value" .Values.query.extraFlags "context" $) | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.query.extraEnvVars }} + env: {{- include "common.tplvalues.render" (dict "value" .Values.query.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.query.extraEnvVarsCM .Values.query.extraEnvVarsSecret }} + envFrom: + {{- if .Values.query.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.query.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.query.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.query.extraEnvVarsSecret "context" $) }} + {{- end }} + {{- end }} + ports: + - name: http + containerPort: 10902 + protocol: TCP + - name: grpc + containerPort: 10901 + protocol: TCP + {{- if .Values.query.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.query.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.query.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.query.livenessProbe "enabled") "context" $) | nindent 12 }} + {{- if not .Values.auth.basicAuthUsers }} + httpGet: + path: /-/healthy + port: http + scheme: {{ ternary "HTTPS" "HTTP" .Values.https.enabled }} + {{- else }} + tcpSocket: + port: http + {{- end }} + {{- end }} + {{- if .Values.query.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.query.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.query.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.query.readinessProbe "enabled") "context" $) | nindent 12 }} + {{- if not .Values.auth.basicAuthUsers }} + httpGet: + path: /-/ready + port: http + scheme: {{ ternary "HTTPS" "HTTP" .Values.https.enabled }} + {{- else }} + tcpSocket: + port: http + {{- end }} + {{- end }} + {{- if .Values.query.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.query.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.query.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.query.startupProbe "enabled") "context" $) | nindent 12 }} + {{- if not .Values.auth.basicAuthUsers }} + httpGet: + path: /-/ready + port: http + scheme: {{ ternary "HTTPS" "HTTP" .Values.https.enabled }} + {{- else }} + tcpSocket: + port: http + {{- end }} + {{- end }} + {{- if .Values.query.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.query.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.query.resources }} + resources: {{- toYaml .Values.query.resources | nindent 12 }} + {{- else if ne .Values.query.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.query.resourcesPreset) | nindent 12 }} + {{- end }} + volumeMounts: + {{- if (include "thanos.httpConfigEnabled" .) }} + - name: http-config + mountPath: /conf/http + {{- if .Values.https.enabled }} + - name: http-certs + mountPath: /certs + {{- end }} + {{- end }} + {{- if or (include "thanos.query.createSDConfigmap" .) .Values.query.existingSDConfigmap }} + - name: sd-config + mountPath: /conf/sd + {{- end }} + {{- if .Values.query.grpc.server.tls.enabled }} + - name: grpc-server-tls + mountPath: /certs/server + {{- end }} + {{- if .Values.query.grpc.client.tls.enabled }} + - name: grpc-client-tls + mountPath: /certs/client + {{- end }} + {{- if .Values.query.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.query.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + volumes: + {{- if (include "thanos.httpConfigEnabled" .) }} + - name: http-config + secret: + secretName: {{ include "thanos.httpConfigSecretName" . }} + {{- if .Values.https.enabled }} + - name: http-certs + secret: + secretName: {{ include "thanos.httpCertsSecretName" . }} + {{- end }} + {{- end }} + {{- if or (include "thanos.query.createSDConfigmap" .) .Values.query.existingSDConfigmap }} + - name: sd-config + configMap: + name: {{ include "thanos.query.SDConfigmapName" . }} + {{- end }} + {{- if .Values.query.grpc.server.tls.enabled }} + - name: grpc-server-tls + secret: + secretName: {{ include "common.secrets.name" (dict "existingSecret" .Values.query.grpc.server.tls.existingSecret "defaultNameSuffix" "query-grpc-server" "context" $) }} + {{- end }} + {{- if .Values.query.grpc.client.tls.enabled }} + - name: grpc-client-tls + secret: + secretName: {{ include "common.secrets.name" (dict "existingSecret" .Values.query.grpc.client.tls.existingSecret "defaultNameSuffix" "query-grpc-client" "context" $) }} + {{- end }} + {{- if .Values.query.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.query.extraVolumes "context" $) | nindent 8 }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/query/hpa.yaml b/charts/thanos/templates/query/hpa.yaml new file mode 100644 index 0000000000..75db94fc1f --- /dev/null +++ b/charts/thanos/templates/query/hpa.yaml @@ -0,0 +1,49 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.query.enabled .Values.query.autoscaling.enabled }} +apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "thanos.query.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + scaleTargetRef: + apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} + kind: Deployment + name: {{ include "thanos.query.fullname" . }} + minReplicas: {{ .Values.query.autoscaling.minReplicas }} + maxReplicas: {{ .Values.query.autoscaling.maxReplicas }} + metrics: + {{- if .Values.query.autoscaling.targetMemory }} + - type: Resource + resource: + name: memory + {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} + targetAverageUtilization: {{ .Values.query.autoscaling.targetMemory }} + {{- else }} + target: + type: Utilization + averageUtilization: {{ .Values.query.autoscaling.targetMemory }} + {{- end }} + {{- end }} + {{- if .Values.query.autoscaling.targetCPU }} + - type: Resource + resource: + name: cpu + {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} + targetAverageUtilization: {{ .Values.query.autoscaling.targetCPU }} + {{- else }} + target: + type: Utilization + averageUtilization: {{ .Values.query.autoscaling.targetCPU }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/query/ingress-grpc.yaml b/charts/thanos/templates/query/ingress-grpc.yaml new file mode 100644 index 0000000000..a2c6abe2de --- /dev/null +++ b/charts/thanos/templates/query/ingress-grpc.yaml @@ -0,0 +1,57 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.query.ingress.grpc.enabled -}} +apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} +kind: Ingress +metadata: + name: {{ include "common.names.fullname" . }}-grpc + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query + {{- if or .Values.query.ingress.grpc.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.query.ingress.grpc.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.query.ingress.grpc.ingressClassName (include "common.ingress.supportsIngressClassname" .) }} + ingressClassName: {{ .Values.query.ingress.grpc.ingressClassName | quote }} + {{- end }} + rules: + {{- if .Values.query.ingress.grpc.hostname }} + - host: {{ include "common.tplvalues.render" ( dict "value" .Values.query.ingress.grpc.hostname "context" $ ) }} + http: + paths: + - path: {{ .Values.query.ingress.grpc.path }} + {{- if eq "true" (include "common.ingress.supportsPathType" .) }} + pathType: {{ .Values.query.ingress.grpc.pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (printf "%s-%s" (include "common.names.fullname" .) "query-grpc") "servicePort" "grpc" "context" $) | nindent 14 }} + {{- end }} + {{- range .Values.query.ingress.grpc.extraHosts }} + - host: {{ .name }} + http: + paths: + - path: {{ default "/" .path }} + {{- if eq "true" (include "common.ingress.supportsPathType" $) }} + pathType: {{ default "ImplementationSpecific" .pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (printf "%s-%s" (include "common.names.fullname" $) "query-grpc") "servicePort" "grpc" "context" $) | nindent 14 }} + {{- end }} + {{- if .Values.query.ingress.grpc.extraRules }} + {{- include "common.tplvalues.render" (dict "value" .Values.query.ingress.grpc.extraRules "context" $) | nindent 4 }} + {{- end }} + {{- if or (and .Values.query.ingress.grpc.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.query.ingress.grpc.annotations )) .Values.query.ingress.grpc.selfSigned)) .Values.query.ingress.grpc.extraTls }} + tls: + {{- if and .Values.query.ingress.grpc.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.query.ingress.grpc.annotations )) .Values.query.ingress.grpc.selfSigned) }} + - hosts: + - {{ .Values.query.ingress.grpc.hostname }} + secretName: {{ .Values.query.ingress.grpc.secretName | default (printf "%s-tls" .Values.query.ingress.grpc.hostname) }} + {{- end }} + {{- if .Values.query.ingress.grpc.extraTls }} + {{- include "common.tplvalues.render" (dict "value" .Values.query.ingress.grpc.extraTls "context" $) | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/query/ingress.yaml b/charts/thanos/templates/query/ingress.yaml new file mode 100644 index 0000000000..258e493eb1 --- /dev/null +++ b/charts/thanos/templates/query/ingress.yaml @@ -0,0 +1,57 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.query.enabled .Values.query.ingress.enabled -}} +apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} +kind: Ingress +metadata: + name: {{ include "thanos.query.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query + {{- if or .Values.query.ingress.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.query.ingress.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.query.ingress.ingressClassName (include "common.ingress.supportsIngressClassname" .) }} + ingressClassName: {{ .Values.query.ingress.ingressClassName | quote }} + {{- end }} + rules: + {{- if .Values.query.ingress.hostname }} + - host: {{ include "common.tplvalues.render" ( dict "value" .Values.query.ingress.hostname "context" $ ) }} + http: + paths: + - path: {{ .Values.query.ingress.path }} + {{- if eq "true" (include "common.ingress.supportsPathType" .) }} + pathType: {{ .Values.query.ingress.pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (printf "%s-%s" (include "common.names.fullname" .) "query") "servicePort" "http" "context" $) | nindent 14 }} + {{- end }} + {{- range .Values.query.ingress.extraHosts }} + - host: {{ .name }} + http: + paths: + - path: {{ default "/" .path }} + {{- if eq "true" (include "common.ingress.supportsPathType" $) }} + pathType: {{ default "ImplementationSpecific" .pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (printf "%s-%s" (include "common.names.fullname" $) "query") "servicePort" "http" "context" $) | nindent 14 }} + {{- end }} + {{- if .Values.query.ingress.extraRules }} + {{- include "common.tplvalues.render" (dict "value" .Values.query.ingress.extraRules "context" $) | nindent 4 }} + {{- end }} + {{- if or (and .Values.query.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.query.ingress.annotations )) .Values.query.ingress.selfSigned)) .Values.query.ingress.extraTls }} + tls: + {{- if and .Values.query.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.query.ingress.annotations )) .Values.query.ingress.selfSigned) }} + - hosts: + - {{ .Values.query.ingress.hostname }} + secretName: {{ .Values.query.ingress.secretName | default (printf "%s-tls" .Values.query.ingress.hostname) }} + {{- end }} + {{- if .Values.query.ingress.extraTls }} + {{- include "common.tplvalues.render" (dict "value" .Values.query.ingress.extraTls "context" $) | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/query/networkpolicy.yaml b/charts/thanos/templates/query/networkpolicy.yaml new file mode 100644 index 0000000000..78ddada664 --- /dev/null +++ b/charts/thanos/templates/query/networkpolicy.yaml @@ -0,0 +1,124 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.query.enabled .Values.query.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "thanos.query.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.query.podLabels .Values.commonLabels ) "context" . ) }} + podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: query + policyTypes: + - Ingress + - Egress + {{- if .Values.query.networkPolicy.allowExternalEgress }} + egress: + - {} + {{- else }} + egress: + # Allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # Communicate with other query instances via headless service + - ports: + - port: {{ .Values.query.containerPorts.http }} + - port: {{ .Values.query.containerPorts.grpc }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} + app.kubernetes.io/component: query + {{- if .Values.minio.enabled }} + # Communicate with minio + - ports: + - port: {{ .Values.minio.service.ports.api }} + - port: {{ .Values.minio.service.ports.api }} + to: + - podSelector: + matchLabels: + app.kubernetes.io/name: minio + app.kubernetes.io/instance: {{ .Release.Name }} + {{- end }} + {{- if .Values.queryFrontend.enabled }} + # Communicate with query-frontend + - ports: + - port: {{ .Values.queryFrontend.service.ports.http }} + - port: {{ .Values.queryFrontend.containerPorts.http }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} + app.kubernetes.io/component: query-frontend + {{- end }} + {{- if .Values.storegateway.enabled }} + # Communicate with storegateway + - ports: + - port: {{ .Values.storegateway.service.ports.grpc }} + - port: {{ .Values.storegateway.containerPorts.grpc }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} + app.kubernetes.io/component: storegateway + {{- end }} + {{- if .Values.receive.enabled }} + # Communicate with receive + - ports: + - port: {{ .Values.queryFrontend.service.ports.grpc }} + - port: {{ .Values.queryFrontend.containerPorts.grpc }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} + {{- if eq .Values.receive.mode "dual-mode" }} + app.kubernetes.io/component: receive-distributor + {{ else }} + app.kubernetes.io/component: receive + {{ end }} + {{- end }} + {{- if .Values.query.networkPolicy.extraEgress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.query.networkPolicy.extraEgress "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} + ingress: + - ports: + - port: {{ .Values.query.containerPorts.http }} + - port: {{ .Values.query.containerPorts.grpc }} + - port: {{ .Values.query.service.ports.http }} + - port: {{ .Values.query.serviceGrpc.ports.grpc }} + {{- if not .Values.query.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + - podSelector: + matchLabels: + {{ template "thanos.query.fullname" . }}-client: "true" + {{- if .Values.query.networkPolicy.ingressNSMatchLabels }} + - namespaceSelector: + matchLabels: + {{- range $key, $value := .Values.query.networkPolicy.ingressNSMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- if .Values.query.networkPolicy.ingressNSPodMatchLabels }} + podSelector: + matchLabels: + {{- range $key, $value := .Values.query.networkPolicy.ingressNSPodMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.query.networkPolicy.extraIngress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.query.networkPolicy.extraIngress "context" $ ) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/query/pdb.yaml b/charts/thanos/templates/query/pdb.yaml new file mode 100644 index 0000000000..c173e505be --- /dev/null +++ b/charts/thanos/templates/query/pdb.yaml @@ -0,0 +1,28 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.query.enabled .Values.query.pdb.create }} +apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} +kind: PodDisruptionBudget +metadata: + name: {{ include "thanos.query.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.query.pdb.minAvailable }} + minAvailable: {{ .Values.query.pdb.minAvailable }} + {{- end }} + {{- if or .Values.query.pdb.maxUnavailable ( not .Values.query.pdb.minAvailable ) }} + maxUnavailable: {{ .Values.query.pdb.maxUnavailable | default 1 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.query.podLabels .Values.commonLabels ) "context" . ) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: query +{{- end }} diff --git a/charts/thanos/templates/query/psp-clusterrole.yaml b/charts/thanos/templates/query/psp-clusterrole.yaml new file mode 100644 index 0000000000..dfe7b3955d --- /dev/null +++ b/charts/thanos/templates/query/psp-clusterrole.yaml @@ -0,0 +1,25 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and (include "common.capabilities.psp.supported" .) .Values.query.enabled .Values.query.pspEnabled .Values.query.rbac.create }} +apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} +kind: ClusterRole +metadata: + name: {{ include "thanos.query.fullname" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +rules: + - apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ include "thanos.query.fullname" . }} + {{- if .Values.query.rbac.rules }} + {{- include "common.tplvalues.render" ( dict "value" .Values.query.rbac.rules "context" $ ) | nindent 2 }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/query/psp-clusterrolebinding.yaml b/charts/thanos/templates/query/psp-clusterrolebinding.yaml new file mode 100644 index 0000000000..4e80c6015e --- /dev/null +++ b/charts/thanos/templates/query/psp-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and (include "common.capabilities.psp.supported" .) .Values.query.enabled .Values.query.pspEnabled .Values.query.rbac.create }} +apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} +kind: ClusterRoleBinding +metadata: + name: {{ include "thanos.query.fullname" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +roleRef: + kind: ClusterRole + name: {{ include "thanos.query.fullname" . }} + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ include "thanos.query.serviceAccountName" . }} + namespace: {{ include "common.names.namespace" . }} +{{- end }} diff --git a/charts/thanos/templates/query/psp.yaml b/charts/thanos/templates/query/psp.yaml new file mode 100644 index 0000000000..ff81e7bb79 --- /dev/null +++ b/charts/thanos/templates/query/psp.yaml @@ -0,0 +1,31 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and (include "common.capabilities.psp.supported" .) .Values.query.enabled .Values.query.pspEnabled .Values.query.rbac.create -}} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "thanos.query.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + fsGroup: + rule: RunAsAny + runAsUser: + ranges: + - max: 1001 + min: 1001 + rule: MustRunAs + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - secret +{{- end -}} diff --git a/charts/thanos/templates/query/sd-configmap.yaml b/charts/thanos/templates/query/sd-configmap.yaml new file mode 100644 index 0000000000..6343b777c0 --- /dev/null +++ b/charts/thanos/templates/query/sd-configmap.yaml @@ -0,0 +1,19 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if (include "thanos.query.createSDConfigmap" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "thanos.query.fullname" . }}-sd + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + {{- include "thanos.querySDConfigMap" . | nindent 2 }} +{{ end }} diff --git a/charts/thanos/templates/query/service-grpc-headless.yaml b/charts/thanos/templates/query/service-grpc-headless.yaml new file mode 100644 index 0000000000..cceaf5977b --- /dev/null +++ b/charts/thanos/templates/query/service-grpc-headless.yaml @@ -0,0 +1,37 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.query.enabled .Values.query.serviceGrpc.additionalHeadless }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "thanos.query.fullname" . }}-grpc-headless + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query + {{- if or .Values.query.serviceGrpc.headless.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.query.serviceGrpc.headless.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: ClusterIP + clusterIP: None + ports: + - port: {{ .Values.query.serviceGrpc.ports.grpc }} + targetPort: grpc + protocol: TCP + name: grpc + {{- if .Values.query.serviceGrpc.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.query.serviceGrpc.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: + {{- if .Values.query.serviceGrpc.labelSelectorsOverride }} + {{- include "common.tplvalues.render" (dict "value" .Values.query.serviceGrpc.labelSelectorsOverride "context" $) | nindent 4 }} + {{- else }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.query.podLabels .Values.commonLabels ) "context" . ) }} + {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/query/service-grpc.yaml b/charts/thanos/templates/query/service-grpc.yaml new file mode 100644 index 0000000000..0b4963613d --- /dev/null +++ b/charts/thanos/templates/query/service-grpc.yaml @@ -0,0 +1,54 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.query.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "thanos.query.fullname" . }}-grpc + namespace: {{ include "common.names.namespace" . }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.query.serviceGrpc.labels .Values.commonLabels ) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query + {{- if or .Values.query.serviceGrpc.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.query.serviceGrpc.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.query.serviceGrpc.type }} + {{- if and .Values.query.serviceGrpc.clusterIP (eq .Values.query.serviceGrpc.type "ClusterIP") }} + clusterIP: {{ .Values.query.serviceGrpc.clusterIP }} + {{- end }} + {{- if ne .Values.query.serviceGrpc.type "ClusterIP" }} + externalTrafficPolicy: {{ .Values.query.serviceGrpc.externalTrafficPolicy }} + {{- end }} + {{- if and .Values.query.serviceGrpc.loadBalancerIP (eq .Values.query.serviceGrpc.type "LoadBalancer") }} + loadBalancerIP: {{ .Values.query.serviceGrpc.loadBalancerIP }} + {{- end }} + {{- if and (eq .Values.query.serviceGrpc.type "LoadBalancer") .Values.query.serviceGrpc.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml .Values.query.serviceGrpc.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + ports: + - port: {{ .Values.query.serviceGrpc.ports.grpc }} + targetPort: grpc + protocol: TCP + name: grpc + {{- if and (or (eq .Values.query.serviceGrpc.type "NodePort") (eq .Values.query.serviceGrpc.type "LoadBalancer")) .Values.query.serviceGrpc.nodePorts.grpc }} + nodePort: {{ .Values.query.serviceGrpc.nodePorts.grpc }} + {{- else if eq .Values.query.serviceGrpc.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.query.serviceGrpc.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.query.serviceGrpc.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: + {{- if .Values.query.serviceGrpc.labelSelectorsOverride }} + {{- include "common.tplvalues.render" (dict "value" .Values.query.serviceGrpc.labelSelectorsOverride "context" $) | nindent 4 }} + {{- else }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.query.podLabels .Values.commonLabels ) "context" . ) }} + {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/query/service-headless.yaml b/charts/thanos/templates/query/service-headless.yaml new file mode 100644 index 0000000000..b70b1ad258 --- /dev/null +++ b/charts/thanos/templates/query/service-headless.yaml @@ -0,0 +1,38 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.query.enabled .Values.query.service.additionalHeadless }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "thanos.query.fullname" . }}-headless + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query + {{- include "thanos.servicemonitor.matchLabels" . | nindent 4 -}} + {{- if or .Values.query.service.headless.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.query.service.headless.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: ClusterIP + clusterIP: None + ports: + - port: {{ .Values.query.service.ports.http }} + targetPort: http + protocol: TCP + name: http + {{- if .Values.query.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.query.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: + {{- if .Values.query.service.labelSelectorsOverride }} + {{- include "common.tplvalues.render" (dict "value" .Values.query.service.labelSelectorsOverride "context" $) | nindent 4 }} + {{- else }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.query.podLabels .Values.commonLabels ) "context" . ) }} + {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/query/service.yaml b/charts/thanos/templates/query/service.yaml new file mode 100644 index 0000000000..724ec1b465 --- /dev/null +++ b/charts/thanos/templates/query/service.yaml @@ -0,0 +1,55 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.query.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "thanos.query.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.query.service.labels .Values.commonLabels ) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query + {{- include "thanos.servicemonitor.matchLabels" . | nindent 4 -}} + {{- if or .Values.query.service.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.query.service.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.query.service.type }} + {{- if and .Values.query.service.clusterIP (eq .Values.query.service.type "ClusterIP") }} + clusterIP: {{ .Values.query.service.clusterIP }} + {{- end }} + {{- if ne .Values.query.service.type "ClusterIP" }} + externalTrafficPolicy: {{ .Values.query.service.externalTrafficPolicy }} + {{- end }} + {{- if and .Values.query.service.loadBalancerIP (eq .Values.query.service.type "LoadBalancer") }} + loadBalancerIP: {{ .Values.query.service.loadBalancerIP }} + {{- end }} + {{- if and (eq .Values.query.service.type "LoadBalancer") .Values.query.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml .Values.query.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + ports: + - port: {{ .Values.query.service.ports.http }} + targetPort: http + protocol: TCP + name: http + {{- if and (or (eq .Values.query.service.type "NodePort") (eq .Values.query.service.type "LoadBalancer")) .Values.query.service.nodePorts.http }} + nodePort: {{ .Values.query.service.nodePorts.http }} + {{- else if eq .Values.query.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.query.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.query.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: + {{- if .Values.query.service.labelSelectorsOverride }} + {{- include "common.tplvalues.render" (dict "value" .Values.query.service.labelSelectorsOverride "context" $) | nindent 4 }} + {{- else }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.query.podLabels .Values.commonLabels ) "context" . ) }} + {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/query/serviceaccount.yaml b/charts/thanos/templates/query/serviceaccount.yaml new file mode 100644 index 0000000000..a249d7484e --- /dev/null +++ b/charts/thanos/templates/query/serviceaccount.yaml @@ -0,0 +1,19 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.query.enabled .Values.query.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "thanos.query.serviceAccountName" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query + {{- if or .Values.query.serviceAccount.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.query.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.query.serviceAccount.automountServiceAccountToken }} +{{- end }} diff --git a/charts/thanos/templates/query/servicemonitor.yaml b/charts/thanos/templates/query/servicemonitor.yaml new file mode 100644 index 0000000000..1e0c02f4dc --- /dev/null +++ b/charts/thanos/templates/query/servicemonitor.yaml @@ -0,0 +1,49 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.query.enabled .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "thanos.query.fullname" . }} + namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.metrics.serviceMonitor.jobLabel }} + jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }} + {{- end }} + endpoints: + - port: http + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: {{ toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 8 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.relabelings }} + relabelings: {{ toYaml .Values.metrics.serviceMonitor.relabelings | nindent 8 }} + {{- end }} + {{- if .Values.https.enabled }} + scheme: https + {{- end }} + {{- if .Values.metrics.serviceMonitor.extraParameters }} + {{- toYaml .Values.metrics.serviceMonitor.extraParameters | nindent 6 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace | quote }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: query + {{- include "thanos.servicemonitor.selector" . | nindent 6 -}} +{{- end }} diff --git a/charts/thanos/templates/query/tls-secrets-grpc.yaml b/charts/thanos/templates/query/tls-secrets-grpc.yaml new file mode 100644 index 0000000000..6a1568bb86 --- /dev/null +++ b/charts/thanos/templates/query/tls-secrets-grpc.yaml @@ -0,0 +1,46 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and (.Values.query.ingress.grpc.enabled) (not .Values.query.ingress.grpc.secretName) }} +{{- if .Values.query.ingress.grpc.secrets }} +{{- range .Values.query.ingress.grpc.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" $ }}-grpc + namespace: {{ include "common.names.namespace" $ }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query + {{- if $.Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ .certificate | b64enc }} + tls.key: {{ .key | b64enc }} +--- +{{- end }} +{{- end }} +{{- if and .Values.query.ingress.grpc.tls .Values.query.ingress.grpc.selfSigned }} +{{- $secretName := printf "%s-tls" .Values.query.ingress.grpc.hostname }} +{{- $ca := genCA "thanos-query-ca" 365 }} +{{- $cert := genSignedCert .Values.query.ingress.grpc.hostname nil (list .Values.query.ingress.grpc.hostname) 365 $ca }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} +{{- end }} +{{- end }} diff --git a/charts/thanos/templates/query/tls-secrets.yaml b/charts/thanos/templates/query/tls-secrets.yaml new file mode 100644 index 0000000000..9d17506871 --- /dev/null +++ b/charts/thanos/templates/query/tls-secrets.yaml @@ -0,0 +1,46 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and (.Values.query.ingress.enabled) (not .Values.query.ingress.secretName) }} +{{- if .Values.query.ingress.secrets }} +{{- range .Values.query.ingress.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" $ }}-query + namespace: {{ include "common.names.namespace" $ }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query + {{- if $.Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ .certificate | b64enc }} + tls.key: {{ .key | b64enc }} +--- +{{- end }} +{{- end }} +{{- if and .Values.query.ingress.tls .Values.query.ingress.selfSigned }} +{{- $secretName := printf "%s-tls" .Values.query.ingress.hostname }} +{{- $ca := genCA "thanos-query-ca" 365 }} +{{- $cert := genSignedCert .Values.query.ingress.hostname nil (list .Values.query.ingress.hostname) 365 $ca }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: query + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} +{{- end }} +{{- end }} diff --git a/charts/thanos/templates/receive-distributor/deployment.yaml b/charts/thanos/templates/receive-distributor/deployment.yaml new file mode 100644 index 0000000000..68949d1979 --- /dev/null +++ b/charts/thanos/templates/receive-distributor/deployment.yaml @@ -0,0 +1,240 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.receive.enabled ( eq .Values.receive.mode "dual-mode" ) }} +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ include "thanos.receive-distributor.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: receive-distributor + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if not .Values.receiveDistributor.autoscaling.enabled }} + replicas: {{ .Values.receiveDistributor.replicaCount }} + {{- end }} + revisionHistoryLimit: {{ .Values.receiveDistributor.revisionHistoryLimit }} + {{- if .Values.receiveDistributor.updateStrategy }} + strategy: {{- toYaml .Values.receiveDistributor.updateStrategy | nindent 4 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.receiveDistributor.podLabels .Values.commonLabels ) "context" . ) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: receive-distributor + template: + metadata: + labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} + app.kubernetes.io/component: receive-distributor + {{- if or .Values.receiveDistributor.podAnnotations (include "thanos.receive.createConfigmap" .) (include "thanos.createObjstoreSecret" .) }} + annotations: + {{- if (include "thanos.createObjstoreSecret" .) }} + checksum/objstore-configuration: {{ include "thanos.objstoreConfig" . | sha256sum }} + {{- end }} + {{- if (include "thanos.receive.createConfigmap" .) }} + checksum/receive-configuration: {{ include "thanos.receiveConfigMap" . | sha256sum }} + {{- end }} + {{- if .Values.receiveDistributor.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.receiveDistributor.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- end }} + spec: + {{- include "thanos.imagePullSecrets" . | nindent 6 }} + serviceAccountName: {{ include "thanos.receive-distributor.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.receiveDistributor.automountServiceAccountToken }} + {{- if .Values.receiveDistributor.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.receiveDistributor.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.receiveDistributor.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.receiveDistributor.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.receiveDistributor.podAffinityPreset "component" "receive-distributor" "customLabels" $podLabels "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.receiveDistributor.podAntiAffinityPreset "component" "receive-distributor" "customLabels" $podLabels "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.receiveDistributor.nodeAffinityPreset.type "key" .Values.receiveDistributor.nodeAffinityPreset.key "values" .Values.receiveDistributor.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.receiveDistributor.dnsConfig }} + dnsConfig: {{- include "common.tplvalues.render" (dict "value" .Values.receiveDistributor.dnsConfig "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.receiveDistributor.dnsPolicy }} + dnsPolicy: {{ .Values.receiveDistributor.dnsPolicy | quote }} + {{- end }} + {{- if .Values.receiveDistributor.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.receiveDistributor.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.receiveDistributor.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.receiveDistributor.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.receiveDistributor.priorityClassName }} + priorityClassName: {{ .Values.receiveDistributor.priorityClassName | quote }} + {{- end }} + {{- if .Values.receiveDistributor.schedulerName }} + schedulerName: {{ .Values.receiveDistributor.schedulerName }} + {{- end }} + {{- if .Values.receiveDistributor.podSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.receiveDistributor.podSecurityContext "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.receiveDistributor.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.receiveDistributor.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.receiveDistributor.initContainers }} + initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.receiveDistributor.initContainers "context" $) | nindent 8 }} + {{- end }} + containers: + {{- if .Values.receiveDistributor.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.receiveDistributor.sidecars "context" $) | nindent 8 }} + {{- end }} + - name: receive + image: {{ include "thanos.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.receiveDistributor.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.receiveDistributor.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.receiveDistributor.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.receiveDistributor.command "context" $) | nindent 12 }} + {{- end }} + args: + {{- if .Values.receiveDistributor.args }} + {{- include "common.tplvalues.render" (dict "value" .Values.receiveDistributor.args "context" $) | nindent 12 }} + {{- else }} + - receive + - --log.level={{ .Values.receiveDistributor.logLevel }} + - --log.format={{ .Values.receiveDistributor.logFormat }} + - --grpc-address=0.0.0.0:{{ .Values.receive.containerPorts.grpc }} + - --http-address=0.0.0.0:{{ .Values.receive.containerPorts.http }} + - --remote-write.address=0.0.0.0:{{ .Values.receive.containerPorts.remote }} + - --label={{ .Values.receiveDistributor.replicaLabel }}="$(NAME)" + - --label=receive="true" + - --receive.hashrings-file=/var/lib/thanos-receive/hashrings.json + - --receive.replication-factor={{ .Values.receiveDistributor.replicationFactor }} + {{- if (include "thanos.httpConfigEnabled" .) }} + - --http.config=/conf/http/http-config.yml + {{- end }} + {{- if .Values.receiveDistributor.extraFlags }} + {{- include "common.tplvalues.render" (dict "value" .Values.receiveDistributor.extraFlags "context" $) | nindent 12 }} + {{- end }} + {{- end }} + env: + - name: NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OBJSTORE_CONFIG + valueFrom: + secretKeyRef: + key: objstore.yml + name: {{ include "thanos.objstoreSecretName" . }} + {{- if .Values.receiveDistributor.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.receiveDistributor.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.receiveDistributor.extraEnvVarsCM .Values.receiveDistributor.extraEnvVarsSecret }} + envFrom: + {{- if .Values.receiveDistributor.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.receiveDistributor.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.receiveDistributor.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.receiveDistributor.extraEnvVarsSecret "context" $) }} + {{- end }} + {{- end }} + ports: + - containerPort: {{ .Values.receive.service.ports.grpc }} + name: grpc + protocol: TCP + - containerPort: {{ .Values.receive.service.ports.http }} + name: http + protocol: TCP + - containerPort: {{ .Values.receive.service.ports.remote }} + name: remote-write + protocol: TCP + {{- if .Values.receiveDistributor.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.receiveDistributor.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.receiveDistributor.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.receiveDistributor.livenessProbe "enabled") "context" $) | nindent 12 }} + {{- if not .Values.auth.basicAuthUsers }} + httpGet: + path: /-/healthy + port: http + scheme: {{ ternary "HTTPS" "HTTP" .Values.https.enabled }} + {{- else }} + tcpSocket: + port: http + {{- end }} + {{- end }} + {{- if .Values.receiveDistributor.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.receiveDistributor.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.receiveDistributor.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.receiveDistributor.readinessProbe "enabled") "context" $) | nindent 12 }} + {{- if not .Values.auth.basicAuthUsers }} + httpGet: + path: /-/ready + port: http + scheme: {{ ternary "HTTPS" "HTTP" .Values.https.enabled }} + {{- else }} + tcpSocket: + port: http + {{- end }} + {{- end }} + {{- if .Values.receiveDistributor.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.receiveDistributor.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.receiveDistributor.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.receiveDistributor.startupProbe "enabled") "context" $) | nindent 12 }} + {{- if not .Values.auth.basicAuthUsers }} + httpGet: + path: /-/ready + port: http + scheme: {{ ternary "HTTPS" "HTTP" .Values.https.enabled }} + {{- else }} + tcpSocket: + port: http + {{- end }} + {{- end }} + {{- if .Values.receiveDistributor.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.receiveDistributor.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.receiveDistributor.resources }} + resources: {{- toYaml .Values.receiveDistributor.resources | nindent 12 }} + {{- else if ne .Values.receiveDistributor.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.receiveDistributor.resourcesPreset) | nindent 12 }} + {{- end }} + volumeMounts: + {{- if (include "thanos.httpConfigEnabled" .) }} + - name: http-config + mountPath: /conf/http + {{- if .Values.https.enabled }} + - name: http-certs + mountPath: /certs + {{- end }} + {{- end }} + - name: hashring-config + mountPath: /var/lib/thanos-receive + {{- if .Values.receiveDistributor.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.receiveDistributor.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + volumes: + - name: hashring-config + configMap: + name: {{ include "thanos.receive.configmapName" . }} + {{- if (include "thanos.httpConfigEnabled" .) }} + - name: http-config + secret: + secretName: {{ include "thanos.httpConfigSecretName" . }} + {{- if .Values.https.enabled }} + - name: http-certs + secret: + secretName: {{ include "thanos.httpCertsSecretName" . }} + {{- end }} + {{- end }} + {{- if .Values.receiveDistributor.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.receiveDistributor.extraVolumes "context" $) | nindent 8 }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/receive-distributor/hpa.yaml b/charts/thanos/templates/receive-distributor/hpa.yaml new file mode 100644 index 0000000000..c5b4cb2320 --- /dev/null +++ b/charts/thanos/templates/receive-distributor/hpa.yaml @@ -0,0 +1,49 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.receiveDistributor.enabled .Values.receiveDistributor.autoscaling.enabled }} +apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "thanos.receive-distributor.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: receive-distributor + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + scaleTargetRef: + apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} + kind: Deployment + name: {{ include "thanos.receive-distributor.fullname" . }} + minReplicas: {{ .Values.receiveDistributor.autoscaling.minReplicas }} + maxReplicas: {{ .Values.receiveDistributor.autoscaling.maxReplicas }} + metrics: + {{- if .Values.receiveDistributor.autoscaling.targetMemory }} + - type: Resource + resource: + name: memory + {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} + targetAverageUtilization: {{ .Values.receiveDistributor.autoscaling.targetMemory }} + {{- else }} + target: + type: Utilization + averageUtilization: {{ .Values.receiveDistributor.autoscaling.targetMemory }} + {{- end }} + {{- end }} + {{- if .Values.receiveDistributor.autoscaling.targetCPU }} + - type: Resource + resource: + name: cpu + {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} + targetAverageUtilization: {{ .Values.receiveDistributor.autoscaling.targetCPU }} + {{- else }} + target: + type: Utilization + averageUtilization: {{ .Values.receiveDistributor.autoscaling.targetCPU }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/receive-distributor/pdb.yaml b/charts/thanos/templates/receive-distributor/pdb.yaml new file mode 100644 index 0000000000..4f362920bc --- /dev/null +++ b/charts/thanos/templates/receive-distributor/pdb.yaml @@ -0,0 +1,28 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.receiveDistributor.enabled .Values.receiveDistributor.pdb.create }} +apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} +kind: PodDisruptionBudget +metadata: + name: {{ include "thanos.receive-distributor.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: receive-distributor + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.receiveDistributor.pdb.minAvailable }} + minAvailable: {{ .Values.receiveDistributor.pdb.minAvailable }} + {{- end }} + {{- if or .Values.receiveDistributor.pdb.maxUnavailable ( not .Values.receiveDistributor.pdb.minAvailable ) }} + maxUnavailable: {{ .Values.receiveDistributor.pdb.maxUnavailable | default 1 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.receiveDistributor.podLabels .Values.commonLabels ) "context" . ) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: receive-distributor +{{- end }} diff --git a/charts/thanos/templates/receive-distributor/serviceaccount.yaml b/charts/thanos/templates/receive-distributor/serviceaccount.yaml new file mode 100644 index 0000000000..1a6b11023e --- /dev/null +++ b/charts/thanos/templates/receive-distributor/serviceaccount.yaml @@ -0,0 +1,19 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.receiveDistributor.enabled .Values.receiveDistributor.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "thanos.receive-distributor.serviceAccountName" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: receive-distributor + {{- if or .Values.receiveDistributor.serviceAccount.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.receiveDistributor.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.receiveDistributor.serviceAccount.automountServiceAccountToken }} +{{- end }} diff --git a/charts/thanos/templates/receive-distributor/servicemonitor.yaml b/charts/thanos/templates/receive-distributor/servicemonitor.yaml new file mode 100644 index 0000000000..b3e187cde5 --- /dev/null +++ b/charts/thanos/templates/receive-distributor/servicemonitor.yaml @@ -0,0 +1,51 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.receiveDistributor.enabled .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "thanos.receive-distributor.fullname" . }} + namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: receive-distributor + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.metrics.serviceMonitor.jobLabel }} + jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }} + {{- end }} + endpoints: + - port: http + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: {{ toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 8 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.relabelings }} + relabelings: {{ toYaml .Values.metrics.serviceMonitor.relabelings | nindent 8 }} + {{- end }} + {{- if .Values.https.enabled }} + scheme: https + {{- end }} + {{- if .Values.metrics.serviceMonitor.extraParameters }} + {{- toYaml .Values.metrics.serviceMonitor.extraParameters | nindent 6 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace | quote }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: receive-distributor + {{- if .Values.metrics.serviceMonitor.selector }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/receive/configmap.yaml b/charts/thanos/templates/receive/configmap.yaml new file mode 100644 index 0000000000..2c862f65db --- /dev/null +++ b/charts/thanos/templates/receive/configmap.yaml @@ -0,0 +1,19 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if (include "thanos.receive.createConfigmap" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "thanos.receive.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: receive + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + {{- include "thanos.receiveConfigMap" . | nindent 2 }} +{{ end }} diff --git a/charts/thanos/templates/receive/hpa.yaml b/charts/thanos/templates/receive/hpa.yaml new file mode 100644 index 0000000000..a922aec379 --- /dev/null +++ b/charts/thanos/templates/receive/hpa.yaml @@ -0,0 +1,49 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.receive.enabled .Values.receive.autoscaling.enabled }} +apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "thanos.receive.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: receive + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + scaleTargetRef: + apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} + kind: StatefulSet + name: {{ include "thanos.receive.fullname" . }} + minReplicas: {{ .Values.receive.autoscaling.minReplicas }} + maxReplicas: {{ .Values.receive.autoscaling.maxReplicas }} + metrics: + {{- if .Values.receive.autoscaling.targetMemory }} + - type: Resource + resource: + name: memory + {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} + targetAverageUtilization: {{ .Values.receive.autoscaling.targetMemory }} + {{- else }} + target: + type: Utilization + averageUtilization: {{ .Values.receive.autoscaling.targetMemory }} + {{- end }} + {{- end }} + {{- if .Values.receive.autoscaling.targetCPU }} + - type: Resource + resource: + name: cpu + {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} + targetAverageUtilization: {{ .Values.receive.autoscaling.targetCPU }} + {{- else }} + target: + type: Utilization + averageUtilization: {{ .Values.receive.autoscaling.targetCPU }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/receive/ingress.yaml b/charts/thanos/templates/receive/ingress.yaml new file mode 100644 index 0000000000..c1ed2536b7 --- /dev/null +++ b/charts/thanos/templates/receive/ingress.yaml @@ -0,0 +1,66 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.receive.enabled .Values.receive.ingress.enabled -}} +apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} +kind: Ingress +metadata: + name: {{ include "thanos.receive.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: receive + {{- if or .Values.receive.ingress.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.receive.ingress.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.receive.ingress.ingressClassName (include "common.ingress.supportsIngressClassname" .) }} + ingressClassName: {{ .Values.receive.ingress.ingressClassName | quote }} + {{- end }} + rules: + {{- if .Values.receive.ingress.hostname }} + - host: {{ include "common.tplvalues.render" ( dict "value" .Values.receive.ingress.hostname "context" $ ) }} + http: + paths: + - path: /api/v1/receive + {{- if eq "true" (include "common.ingress.supportsPathType" .) }} + pathType: {{ .Values.receive.ingress.pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (printf "%s-%s" (include "common.names.fullname" .) "receive") "servicePort" "remote" "context" $) | nindent 14 }} + + - path: {{ .Values.receive.ingress.path }} + {{- if eq "true" (include "common.ingress.supportsPathType" .) }} + pathType: {{ .Values.receive.ingress.pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (printf "%s-%s" (include "common.names.fullname" .) "receive") "servicePort" "http" "context" $) | nindent 14 }} + {{- end }} + {{- range .Values.receive.ingress.extraHosts }} + - host: {{ .name | quote }} + http: + paths: + - path: {{ default "/" .path }} + {{- if eq "true" (include "common.ingress.supportsPathType" $) }} + pathType: {{ default "ImplementationSpecific" .pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (printf "%s-%s" (include "common.names.fullname" $) "receive") "servicePort" (default "http" .portName) "context" $) | nindent 14 }} + {{- end }} + {{- if .Values.receive.ingress.extraRules }} + {{- include "common.tplvalues.render" (dict "value" .Values.receive.ingress.extraRules "context" $) | nindent 4 }} + {{- end }} + {{- if or (and .Values.receive.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.receive.ingress.annotations )) .Values.receive.ingress.selfSigned)) .Values.receive.ingress.extraTls }} + tls: + {{- if and .Values.receive.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.receive.ingress.annotations )) .Values.receive.ingress.selfSigned) }} + - hosts: + - {{ .Values.receive.ingress.hostname }} + {{- range .Values.receive.ingress.extraHosts }} + - {{ .name | quote }} + {{- end }} + secretName: {{ printf "%s-tls" .Values.receive.ingress.hostname }} + {{- end }} + {{- if .Values.receive.ingress.extraTls }} + {{- include "common.tplvalues.render" (dict "value" .Values.receive.ingress.extraTls "context" $) | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/receive/networkpolicy.yaml b/charts/thanos/templates/receive/networkpolicy.yaml new file mode 100644 index 0000000000..ef0bb6cc74 --- /dev/null +++ b/charts/thanos/templates/receive/networkpolicy.yaml @@ -0,0 +1,126 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.receive.enabled .Values.receive.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "thanos.receive.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: receive + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.receive.podLabels .Values.commonLabels ) "context" . ) }} + podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: receive + policyTypes: + - Ingress + - Egress + {{- if .Values.receive.networkPolicy.allowExternalEgress }} + egress: + - {} + {{- else }} + egress: + # Allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + - ports: + - port: {{ .Values.receive.containerPorts.http }} + - port: {{ .Values.receive.service.ports.http }} + - port: {{ .Values.receive.containerPorts.grpc }} + - port: {{ .Values.receive.service.ports.grpc }} + # Communicate with other receive instances via headless service + - ports: + - port: {{ .Values.receive.containerPorts.http }} + - port: {{ .Values.receive.containerPorts.grpc }} + - port: {{ .Values.receive.containerPorts.remote }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} + {{- if eq .Values.receive.mode "dual-mode" }} + app.kubernetes.io/component: receive-distributor + {{ else }} + app.kubernetes.io/component: receive + {{ end }} + {{- if .Values.minio.enabled }} + # Communicate with minio + - ports: + - port: {{ .Values.minio.service.ports.api }} + - port: {{ .Values.minio.service.ports.api }} + to: + - podSelector: + matchLabels: + app.kubernetes.io/name: minio + app.kubernetes.io/instance: {{ .Release.Name }} + {{- end }} + {{- if .Values.queryFrontend.enabled }} + # Communicate with query-frontend + - ports: + - port: {{ .Values.queryFrontend.service.ports.http }} + - port: {{ .Values.queryFrontend.containerPorts.http }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} + app.kubernetes.io/component: query-frontend + + {{- end }} + {{- if .Values.query.enabled }} + # Communicate with query + - ports: + - port: {{ .Values.query.service.ports.http }} + - port: {{ .Values.query.containerPorts.http }} + - port: {{ .Values.query.serviceGrpc.ports.grpc }} + - port: {{ .Values.query.containerPorts.grpc }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} + app.kubernetes.io/component: query + + {{- end }} + {{- if .Values.receive.networkPolicy.extraEgress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.receive.networkPolicy.extraEgress "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} + ingress: + - ports: + - port: {{ .Values.receive.containerPorts.http }} + - port: {{ .Values.receive.service.ports.http }} + - port: {{ .Values.receive.containerPorts.grpc }} + - port: {{ .Values.receive.service.ports.grpc }} + - port: {{ .Values.receive.containerPorts.remote }} + - port: {{ .Values.receive.service.ports.remote }} + {{- if not .Values.receive.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + - podSelector: + matchLabels: + {{ template "thanos.receive.fullname" . }}-client: "true" + {{- if .Values.receive.networkPolicy.ingressNSMatchLabels }} + - namespaceSelector: + matchLabels: + {{- range $key, $value := .Values.receive.networkPolicy.ingressNSMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- if .Values.receive.networkPolicy.ingressNSPodMatchLabels }} + podSelector: + matchLabels: + {{- range $key, $value := .Values.receive.networkPolicy.ingressNSPodMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.receive.networkPolicy.extraIngress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.receive.networkPolicy.extraIngress "context" $ ) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/receive/pdb.yaml b/charts/thanos/templates/receive/pdb.yaml new file mode 100644 index 0000000000..b3661b1fd6 --- /dev/null +++ b/charts/thanos/templates/receive/pdb.yaml @@ -0,0 +1,28 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.receive.enabled .Values.receive.pdb.create }} +apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} +kind: PodDisruptionBudget +metadata: + name: {{ include "thanos.receive.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: receive + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.receive.pdb.minAvailable }} + minAvailable: {{ .Values.receive.pdb.minAvailable }} + {{- end }} + {{- if or .Values.receive.pdb.maxUnavailable ( not .Values.receive.pdb.minAvailable ) }} + maxUnavailable: {{ .Values.receive.pdb.maxUnavailable | default 1 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.receive.podLabels .Values.commonLabels ) "context" . ) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: receive +{{- end }} diff --git a/charts/thanos/templates/receive/service-headless.yaml b/charts/thanos/templates/receive/service-headless.yaml new file mode 100644 index 0000000000..53ac932f4a --- /dev/null +++ b/charts/thanos/templates/receive/service-headless.yaml @@ -0,0 +1,36 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and (.Values.receive.enabled) (.Values.receive.service.additionalHeadless) -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "thanos.receive.fullname" . }}-headless + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: receive + {{- if eq .Values.receive.mode "dual-mode" }} + {{- include "thanos.servicemonitor.matchLabels" . | nindent 4 -}} + {{- end }} + {{- if or .Values.receive.service.headless.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.receive.service.headless.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: ClusterIP + clusterIP: None + ports: + - port: {{ .Values.receive.service.ports.http }} + targetPort: http + protocol: TCP + name: http + - port: {{ .Values.receive.service.ports.grpc }} + targetPort: grpc + protocol: TCP + name: grpc + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.receive.podLabels .Values.commonLabels ) "context" . ) }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: receive +{{- end }} diff --git a/charts/thanos/templates/receive/service.yaml b/charts/thanos/templates/receive/service.yaml new file mode 100644 index 0000000000..39c3a13f13 --- /dev/null +++ b/charts/thanos/templates/receive/service.yaml @@ -0,0 +1,81 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.receive.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "thanos.receive.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.receive.service.labels .Values.commonLabels ) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + {{- if eq .Values.receive.mode "dual-mode" }} + app.kubernetes.io/component: receive-distributor + {{ else }} + app.kubernetes.io/component: receive + {{ end }} + {{- include "thanos.servicemonitor.matchLabels" . | nindent 4 -}} + {{- if or .Values.receive.service.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.receive.service.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.receive.service.type }} + {{- if and .Values.receive.service.clusterIP (eq .Values.receive.service.type "ClusterIP") }} + clusterIP: {{ .Values.receive.service.clusterIP }} + {{- end }} + {{- if ne .Values.receive.service.type "ClusterIP" }} + externalTrafficPolicy: {{ .Values.receive.service.externalTrafficPolicy }} + {{- end }} + {{- if and .Values.receive.service.loadBalancerIP (eq .Values.receive.service.type "LoadBalancer") }} + loadBalancerIP: {{ .Values.receive.service.loadBalancerIP }} + {{- end }} + {{- if and (eq .Values.receive.service.type "LoadBalancer") .Values.receive.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml .Values.receive.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + ports: + - port: {{ .Values.receive.service.ports.http }} + targetPort: http + protocol: TCP + name: http + {{- if and (or (eq .Values.receive.service.type "NodePort") (eq .Values.receive.service.type "LoadBalancer")) .Values.receive.service.nodePorts.http }} + nodePort: {{ .Values.receive.service.nodePorts.http }} + {{- else if eq .Values.receive.service.type "ClusterIP" }} + nodePort: null + {{- end }} + - port: {{ .Values.receive.service.ports.grpc }} + targetPort: grpc + protocol: TCP + name: grpc + {{- if and (or (eq .Values.receive.service.type "NodePort") (eq .Values.receive.service.type "LoadBalancer")) .Values.receive.service.nodePorts.grpc }} + nodePort: {{ .Values.receive.service.nodePorts.grpc }} + {{- else if eq .Values.receive.service.type "ClusterIP" }} + nodePort: null + {{- end }} + - port: {{ .Values.receive.service.ports.remote }} + targetPort: remote-write + protocol: TCP + name: remote + {{- if and (or (eq .Values.receive.service.type "NodePort") (eq .Values.receive.service.type "LoadBalancer")) .Values.receive.service.nodePorts.remote }} + nodePort: {{ .Values.receive.service.nodePorts.remote }} + {{- else if eq .Values.receive.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.receive.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.receive.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: + {{- if .Values.receive.service.labelSelectorsOverride }} + {{- include "common.tplvalues.render" (dict "value" .Values.receive.service.labelSelectorsOverride "context" $) | nindent 4 }} + {{- else }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.receive.podLabels .Values.commonLabels ) "context" . ) }} + {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} + {{- if eq .Values.receive.mode "dual-mode" }} + app.kubernetes.io/component: receive-distributor + {{ else }} + app.kubernetes.io/component: receive + {{ end }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/receive/serviceaccount.yaml b/charts/thanos/templates/receive/serviceaccount.yaml new file mode 100644 index 0000000000..3b3635160f --- /dev/null +++ b/charts/thanos/templates/receive/serviceaccount.yaml @@ -0,0 +1,19 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.receive.enabled .Values.receive.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "thanos.receive.serviceAccountName" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: receive + {{- if or .Values.receive.serviceAccount.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.receive.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.receive.serviceAccount.automountServiceAccountToken }} +{{- end }} diff --git a/charts/thanos/templates/receive/servicemonitor.yaml b/charts/thanos/templates/receive/servicemonitor.yaml new file mode 100644 index 0000000000..b7abcb75f5 --- /dev/null +++ b/charts/thanos/templates/receive/servicemonitor.yaml @@ -0,0 +1,49 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.receive.enabled .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "thanos.receive.fullname" . }} + namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: receive + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.metrics.serviceMonitor.jobLabel }} + jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }} + {{- end }} + endpoints: + - port: http + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: {{ toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 8 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.relabelings }} + relabelings: {{ toYaml .Values.metrics.serviceMonitor.relabelings | nindent 8 }} + {{- end }} + {{- if .Values.https.enabled }} + scheme: https + {{- end }} + {{- if .Values.metrics.serviceMonitor.extraParameters }} + {{- toYaml .Values.metrics.serviceMonitor.extraParameters | nindent 6 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace | quote }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: receive + {{- include "thanos.servicemonitor.selector" . | nindent 6 -}} +{{- end }} diff --git a/charts/thanos/templates/receive/statefulset.yaml b/charts/thanos/templates/receive/statefulset.yaml new file mode 100644 index 0000000000..63e95d23c0 --- /dev/null +++ b/charts/thanos/templates/receive/statefulset.yaml @@ -0,0 +1,338 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.receive.enabled }} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ include "thanos.receive.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: receive + {{- if .Values.receive.statefulsetLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.receive.statefulsetLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if not .Values.receive.autoscaling.enabled }} + replicas: {{ .Values.receive.replicaCount }} + {{- end }} + revisionHistoryLimit: {{ .Values.receive.revisionHistoryLimit }} + podManagementPolicy: {{ .Values.receive.podManagementPolicy }} + serviceName: {{ include "thanos.receive.fullname" . }}-headless + {{- if .Values.receive.updateStrategy }} + updateStrategy: {{- toYaml .Values.receive.updateStrategy | nindent 4 }} + {{- end }} + minReadySeconds: {{ .Values.receive.minReadySeconds }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.receive.podLabels .Values.commonLabels ) "context" . ) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: receive + template: + metadata: + labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} + app.kubernetes.io/component: receive + {{- if or .Values.receive.podAnnotations (include "thanos.receive.createConfigmap" $) (include "thanos.createObjstoreSecret" $) }} + annotations: + {{- if (include "thanos.createObjstoreSecret" .) }} + checksum/objstore-configuration: {{ include "thanos.objstoreConfig" . | sha256sum }} + {{- end }} + {{- if (include "thanos.receive.createConfigmap" .) }} + checksum/receive-configuration: {{ include "thanos.receiveConfigMap" . | sha256sum }} + {{- end }} + {{- if .Values.receive.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.receive.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- end }} + spec: + {{- include "thanos.imagePullSecrets" . | nindent 6 }} + serviceAccountName: {{ include "thanos.receive.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.receive.automountServiceAccountToken }} + {{- if .Values.receive.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.receive.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.receive.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.receive.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.receive.podAffinityPreset "component" "receive" "customLabels" $podLabels "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.receive.podAntiAffinityPreset "component" "receive" "customLabels" $podLabels "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.receive.nodeAffinityPreset.type "key" .Values.receive.nodeAffinityPreset.key "values" .Values.receive.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.receive.dnsConfig }} + dnsConfig: {{- include "common.tplvalues.render" (dict "value" .Values.receive.dnsConfig "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.receive.dnsPolicy }} + dnsPolicy: {{ .Values.receive.dnsPolicy | quote }} + {{- end }} + {{- if .Values.receive.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.receive.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.receive.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.receive.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.receive.priorityClassName }} + priorityClassName: {{ .Values.receive.priorityClassName | quote }} + {{- end }} + {{- if .Values.receive.schedulerName }} + schedulerName: {{ .Values.receive.schedulerName }} + {{- end }} + {{- if .Values.receive.podSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.receive.podSecurityContext "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.receive.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.receive.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.receive.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.receive.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if or .Values.receive.initContainers (and .Values.volumePermissions.enabled .Values.receive.persistence.enabled) }} + initContainers: + {{- if and .Values.volumePermissions.enabled .Values.receive.persistence.enabled }} + - name: init-chmod-data + image: {{ include "thanos.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - sh + - -c + - | + mkdir -p /var/thanos/receive + chown -R "{{ .Values.receive.containerSecurityContext.runAsUser }}:{{ .Values.receive.podSecurityContext.fsGroup }}" /var/thanos/receive + securityContext: + runAsUser: 0 + volumeMounts: + - name: data + mountPath: /var/thanos/receive + {{- end }} + {{- if .Values.receive.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.receive.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- end }} + containers: + {{- if .Values.receive.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.receive.sidecars "context" $) | nindent 8 }} + {{- end }} + - name: receive + image: {{ include "thanos.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.receive.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.receive.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.receive.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.receive.command "context" $) | nindent 12 }} + {{- end }} + args: + {{- if .Values.receive.args }} + {{- include "common.tplvalues.render" (dict "value" .Values.receive.args "context" $) | nindent 12 }} + {{- else }} + - receive + - --log.level={{ .Values.receive.logLevel }} + - --log.format={{ .Values.receive.logFormat }} + - --grpc-address=0.0.0.0:{{ .Values.receive.containerPorts.grpc }} + - --http-address=0.0.0.0:{{ .Values.receive.containerPorts.http }} + - --remote-write.address=0.0.0.0:{{ .Values.receive.containerPorts.remote }} + {{- if or .Values.objstoreConfig .Values.existingObjstoreSecret }} + - --objstore.config=$(OBJSTORE_CONFIG) + {{- end }} + {{- if (include "thanos.httpConfigEnabled" .) }} + - --http.config=/conf/http/http-config.yml + {{- end }} + {{- if .Values.receive.tsdbPath }} + - --tsdb.path={{ .Values.receive.tsdbPath }} + {{- else }} + - --tsdb.path=/var/thanos/receive + {{- end }} + - --label={{ .Values.receive.replicaLabel }}="$(NAME)" + - --label=receive="true" + - --tsdb.retention={{ .Values.receive.tsdbRetention }} + {{- if not .Values.receive.service.additionalHeadless }} + - --receive.local-endpoint=127.0.0.1:{{ .Values.receive.containerPorts.grpc }} + {{- else }} + - --receive.local-endpoint=$(NAME).{{ include "thanos.receive.fullname" . }}-headless.$(NAMESPACE).svc.{{ .Values.clusterDomain }}:10901 + {{- end }} + {{- if eq .Values.receive.mode "standalone" }} + - --receive.hashrings-file=/var/lib/thanos-receive/hashrings.json + - --receive.replication-factor={{ .Values.receive.replicationFactor }} + {{- end }} + {{- if .Values.receive.grpc.server.tls.enabled }} + - --grpc-server-tls-cert=/certs/{{ include "common.secrets.key" (dict "existingSecret" .Values.receive.grpc.server.tls.existingSecret "key" "tls-cert") }} + - --grpc-server-tls-key=/certs/{{ include "common.secrets.key" (dict "existingSecret" .Values.receive.grpc.server.tls.existingSecret "key" "tls-key") }} + {{- if .Values.receive.grpc.server.tls.clientAuthEnabled }} + - --grpc-server-tls-client-ca=/certs/{{ include "common.secrets.key" (dict "existingSecret" .Values.receive.grpc.server.tls.existingSecret "key" "ca-cert") }} + {{- end }} + {{- end }} + {{- if .Values.receive.extraFlags }} + {{- include "common.tplvalues.render" (dict "value" .Values.receive.extraFlags "context" $) | nindent 12 }} + {{- end }} + {{- end }} + env: + - name: NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- if or .Values.objstoreConfig .Values.existingObjstoreSecret }} + - name: OBJSTORE_CONFIG + valueFrom: + secretKeyRef: + key: objstore.yml + name: {{ include "thanos.objstoreSecretName" . }} + {{- end }} + {{- if .Values.receive.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.receive.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.receive.extraEnvVarsCM .Values.receive.extraEnvVarsSecret }} + envFrom: + {{- if .Values.receive.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.receive.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.receive.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.receive.extraEnvVarsSecret "context" $) }} + {{- end }} + {{- end }} + ports: + - containerPort: {{ .Values.receive.containerPorts.grpc }} + name: grpc + protocol: TCP + - containerPort: {{ .Values.receive.containerPorts.http }} + name: http + protocol: TCP + - containerPort: {{ .Values.receive.containerPorts.remote }} + name: remote-write + protocol: TCP + {{- if .Values.receive.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.receive.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.receive.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.receive.livenessProbe "enabled") "context" $) | nindent 12 }} + {{- if not .Values.auth.basicAuthUsers }} + httpGet: + path: /-/healthy + port: http + scheme: {{ ternary "HTTPS" "HTTP" .Values.https.enabled }} + {{- else }} + tcpSocket: + port: http + {{- end }} + {{- end }} + {{- if .Values.receive.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.receive.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.receive.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.receive.readinessProbe "enabled") "context" $) | nindent 12 }} + {{- if not .Values.auth.basicAuthUsers }} + httpGet: + path: /-/ready + port: http + scheme: {{ ternary "HTTPS" "HTTP" .Values.https.enabled }} + {{- else }} + tcpSocket: + port: http + {{- end }} + {{- end }} + {{- if .Values.receive.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.receive.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.receive.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.receive.startupProbe "enabled") "context" $) | nindent 12 }} + {{- if not .Values.auth.basicAuthUsers }} + httpGet: + path: /-/ready + port: http + scheme: {{ ternary "HTTPS" "HTTP" .Values.https.enabled }} + {{- else }} + tcpSocket: + port: http + {{- end }} + {{- end }} + {{- if .Values.receive.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.receive.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.receive.resources }} + resources: {{- toYaml .Values.receive.resources | nindent 12 }} + {{- else if ne .Values.receive.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.receive.resourcesPreset) | nindent 12 }} + {{- end }} + volumeMounts: + {{- if (include "thanos.httpConfigEnabled" .) }} + - name: http-config + mountPath: /conf/http + {{- if .Values.https.enabled }} + - name: http-certs + mountPath: /certs + {{- end }} + {{- end }} + - name: hashring-config + mountPath: /var/lib/thanos-receive + - name: data + mountPath: /var/thanos/receive + {{- if .Values.receive.grpc.server.tls.enabled }} + - name: grpc-server-tls + mountPath: /certs + {{- end }} + {{- if .Values.receive.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.receive.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + volumes: + - name: hashring-config + configMap: + name: {{ include "thanos.receive.configmapName" . }} + {{- if .Values.receive.grpc.server.tls.enabled }} + - name: grpc-server-tls + secret: + secretName: {{ include "common.secrets.name" (dict "existingSecret" .Values.receive.grpc.server.tls.existingSecret "defaultNameSuffix" "receive-grpc-server" "context" $) }} + {{- end }} + {{- if (include "thanos.httpConfigEnabled" .) }} + - name: http-config + secret: + secretName: {{ include "thanos.httpConfigSecretName" . }} + {{- if .Values.https.enabled }} + - name: http-certs + secret: + secretName: {{ include "thanos.httpCertsSecretName" . }} + {{- end }} + {{- end }} + {{- if .Values.receive.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.receive.extraVolumes "context" $) | nindent 8 }} + {{- end }} + {{- if and .Values.receive.persistence.enabled .Values.receive.persistence.existingClaim }} + - name: data + persistentVolumeClaim: + claimName: {{ .Values.receive.persistence.existingClaim }} + {{- else if not .Values.receive.persistence.enabled }} + - name: data + emptyDir: {} + {{- else if and .Values.receive.persistence.enabled (not .Values.receive.persistence.existingClaim) }} + {{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" .) -}} + {{- if .Values.receive.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.receive.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.receive.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} + {{- end }} + volumeClaimTemplates: + - metadata: + name: data + {{- if .Values.receive.persistence.annotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.receive.persistence.annotations "context" $) | nindent 10 }} + {{- end }} + {{- if .Values.receive.persistence.labels }} + labels: {{- include "common.tplvalues.render" ( dict "value" .Values.receive.persistence.labels "context" $) | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.receive.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.receive.persistence.size | quote }} + {{- include "common.storage.class" (dict "persistence" .Values.receive.persistence "global" .Values.global) | nindent 8 }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/receive/tls-secrets.yaml b/charts/thanos/templates/receive/tls-secrets.yaml new file mode 100644 index 0000000000..ac1295e4e4 --- /dev/null +++ b/charts/thanos/templates/receive/tls-secrets.yaml @@ -0,0 +1,46 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.receive.ingress.enabled }} +{{- if .Values.receive.ingress.secrets }} +{{- range .Values.receive.ingress.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" $ }}-receive + namespace: {{ include "common.names.namespace" $ }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: receive + {{- if $.Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ .certificate | b64enc }} + tls.key: {{ .key | b64enc }} +--- +{{- end }} +{{- end }} +{{- if and .Values.receive.ingress.tls .Values.receive.ingress.selfSigned }} +{{- $secretName := printf "%s-tls" .Values.receive.ingress.hostname }} +{{- $ca := genCA "thanos-receive-ca" 365 }} +{{- $cert := genSignedCert .Values.receive.ingress.hostname nil (list .Values.receive.ingress.hostname) 365 $ca }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: receive + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} +{{- end }} +{{- end }} diff --git a/charts/thanos/templates/ruler/configmap.yaml b/charts/thanos/templates/ruler/configmap.yaml new file mode 100644 index 0000000000..65768dde98 --- /dev/null +++ b/charts/thanos/templates/ruler/configmap.yaml @@ -0,0 +1,19 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if (include "thanos.ruler.createConfigmap" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "thanos.ruler.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: ruler + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + {{- include "thanos.rulerConfigMap" . | nindent 2 }} +{{ end }} diff --git a/charts/thanos/templates/ruler/hpa.yaml b/charts/thanos/templates/ruler/hpa.yaml new file mode 100644 index 0000000000..8822cccec4 --- /dev/null +++ b/charts/thanos/templates/ruler/hpa.yaml @@ -0,0 +1,49 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.ruler.enabled .Values.ruler.autoscaling.enabled }} +apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "thanos.ruler.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: receive + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + scaleTargetRef: + apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} + kind: StatefulSet + name: {{ include "thanos.ruler.fullname" . }} + minReplicas: {{ .Values.ruler.autoscaling.minReplicas }} + maxReplicas: {{ .Values.ruler.autoscaling.maxReplicas }} + metrics: + {{- if .Values.ruler.autoscaling.targetMemory }} + - type: Resource + resource: + name: memory + {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} + targetAverageUtilization: {{ .Values.ruler.autoscaling.targetMemory }} + {{- else }} + target: + type: Utilization + averageUtilization: {{ .Values.ruler.autoscaling.targetMemory }} + {{- end }} + {{- end }} + {{- if .Values.ruler.autoscaling.targetCPU }} + - type: Resource + resource: + name: cpu + {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} + targetAverageUtilization: {{ .Values.ruler.autoscaling.targetCPU }} + {{- else }} + target: + type: Utilization + averageUtilization: {{ .Values.ruler.autoscaling.targetCPU }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/ruler/ingress.yaml b/charts/thanos/templates/ruler/ingress.yaml new file mode 100644 index 0000000000..fc9d589711 --- /dev/null +++ b/charts/thanos/templates/ruler/ingress.yaml @@ -0,0 +1,57 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.ruler.enabled .Values.ruler.ingress.enabled -}} +apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} +kind: Ingress +metadata: + name: {{ include "thanos.ruler.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: ruler + {{- if or .Values.ruler.ingress.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.ruler.ingress.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ruler.ingress.ingressClassName (include "common.ingress.supportsIngressClassname" .) }} + ingressClassName: {{ .Values.ruler.ingress.ingressClassName | quote }} + {{- end }} + rules: + {{- if .Values.ruler.ingress.hostname }} + - host: {{ include "common.tplvalues.render" ( dict "value" .Values.ruler.ingress.hostname "context" $ ) }} + http: + paths: + - path: {{ .Values.ruler.ingress.path }} + {{- if eq "true" (include "common.ingress.supportsPathType" .) }} + pathType: {{ .Values.ruler.ingress.pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (printf "%s-%s" (include "common.names.fullname" .) "ruler") "servicePort" "http" "context" $) | nindent 14 }} + {{- end }} + {{- range .Values.ruler.ingress.extraHosts }} + - host: {{ .name }} + http: + paths: + - path: {{ default "/" .path }} + {{- if eq "true" (include "common.ingress.supportsPathType" $) }} + pathType: {{ default "ImplementationSpecific" .pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (printf "%s-%s" (include "common.names.fullname" $) "ruler") "servicePort" "http" "context" $) | nindent 14 }} + {{- end }} + {{- if .Values.ruler.ingress.extraRules }} + {{- include "common.tplvalues.render" (dict "value" .Values.ruler.ingress.extraRules "context" $) | nindent 4 }} + {{- end }} + {{- if or (and .Values.ruler.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ruler.ingress.annotations )) .Values.ruler.ingress.selfSigned)) .Values.ruler.ingress.extraTls }} + tls: + {{- if and .Values.ruler.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ruler.ingress.annotations )) .Values.ruler.ingress.selfSigned) }} + - hosts: + - {{ .Values.ruler.ingress.hostname }} + secretName: {{ printf "%s-tls" .Values.ruler.ingress.hostname }} + {{- end }} + {{- if .Values.ruler.ingress.extraTls }} + {{- include "common.tplvalues.render" (dict "value" .Values.ruler.ingress.extraTls "context" $) | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/ruler/networkpolicy.yaml b/charts/thanos/templates/ruler/networkpolicy.yaml new file mode 100644 index 0000000000..81dd2a9bbb --- /dev/null +++ b/charts/thanos/templates/ruler/networkpolicy.yaml @@ -0,0 +1,113 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.ruler.enabled .Values.ruler.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "thanos.ruler.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: ruler + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.ruler.podLabels .Values.commonLabels ) "context" . ) }} + podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: ruler + policyTypes: + - Ingress + - Egress + {{- if .Values.ruler.networkPolicy.allowExternalEgress }} + egress: + - {} + {{- else }} + egress: + # Allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # Communicate with other ruler instances via headless service + - ports: + - port: {{ .Values.ruler.containerPorts.http }} + - port: {{ .Values.ruler.containerPorts.grpc }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} + app.kubernetes.io/component: ruler + {{- if .Values.minio.enabled }} + # Communicate with minio + - ports: + - port: {{ .Values.minio.service.ports.api }} + - port: {{ .Values.minio.service.ports.api }} + to: + - podSelector: + matchLabels: + app.kubernetes.io/name: minio + app.kubernetes.io/instance: {{ .Release.Name }} + {{- end }} + {{- if .Values.query.enabled }} + # Communicate with query + - ports: + - port: {{ .Values.query.service.ports.http }} + - port: {{ .Values.query.containerPorts.http }} + - port: {{ .Values.query.serviceGrpc.ports.grpc }} + - port: {{ .Values.query.containerPorts.grpc }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} + app.kubernetes.io/component: query + {{- end }} + {{- if .Values.queryFrontend.enabled }} + # Communicate with query-frontend + - ports: + - port: {{ .Values.queryFrontend.service.ports.http }} + - port: {{ .Values.queryFrontend.containerPorts.http }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} + app.kubernetes.io/component: query-frontend + + {{- end }} + {{- if .Values.ruler.networkPolicy.extraEgress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.ruler.networkPolicy.extraEgress "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} + ingress: + - ports: + - port: {{ .Values.ruler.containerPorts.http }} + - port: {{ .Values.ruler.service.ports.http }} + - port: {{ .Values.ruler.containerPorts.grpc }} + - port: {{ .Values.ruler.service.ports.grpc }} + {{- if not .Values.ruler.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + - podSelector: + matchLabels: + {{ template "thanos.ruler.fullname" . }}-client: "true" + {{- if .Values.ruler.networkPolicy.ingressNSMatchLabels }} + - namespaceSelector: + matchLabels: + {{- range $key, $value := .Values.ruler.networkPolicy.ingressNSMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- if .Values.ruler.networkPolicy.ingressNSPodMatchLabels }} + podSelector: + matchLabels: + {{- range $key, $value := .Values.ruler.networkPolicy.ingressNSPodMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.ruler.networkPolicy.extraIngress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.ruler.networkPolicy.extraIngress "context" $ ) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/ruler/pdb.yaml b/charts/thanos/templates/ruler/pdb.yaml new file mode 100644 index 0000000000..e899eca277 --- /dev/null +++ b/charts/thanos/templates/ruler/pdb.yaml @@ -0,0 +1,28 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.ruler.enabled .Values.ruler.pdb.create }} +apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} +kind: PodDisruptionBudget +metadata: + name: {{ include "thanos.ruler.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: ruler + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.ruler.pdb.minAvailable }} + minAvailable: {{ .Values.ruler.pdb.minAvailable }} + {{- end }} + {{- if or .Values.ruler.pdb.maxUnavailable ( not .Values.ruler.pdb.minAvailable ) }} + maxUnavailable: {{ .Values.ruler.pdb.maxUnavailable | default 1 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.ruler.podLabels .Values.commonLabels ) "context" . ) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: ruler +{{- end }} diff --git a/charts/thanos/templates/ruler/secret.yaml b/charts/thanos/templates/ruler/secret.yaml new file mode 100644 index 0000000000..38e900299e --- /dev/null +++ b/charts/thanos/templates/ruler/secret.yaml @@ -0,0 +1,20 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.ruler.enabled .Values.ruler.alertmanagersConfig }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "thanos.ruler.fullname" . }}-alertmanagers-config + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: ruler + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + alertmanagers_config.yml: |- + {{- include "common.tplvalues.render" (dict "value" .Values.ruler.alertmanagersConfig "context" $) | b64enc | nindent 4 }} +{{- end }} diff --git a/charts/thanos/templates/ruler/service-headless.yaml b/charts/thanos/templates/ruler/service-headless.yaml new file mode 100644 index 0000000000..ab8b8f0a1b --- /dev/null +++ b/charts/thanos/templates/ruler/service-headless.yaml @@ -0,0 +1,33 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and (.Values.ruler.enabled) (.Values.ruler.service.additionalHeadless) -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "thanos.ruler.fullname" . }}-headless + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: ruler + {{- if or .Values.ruler.service.headless.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.ruler.service.headless.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: ClusterIP + clusterIP: None + ports: + - port: {{ .Values.ruler.service.ports.http }} + targetPort: http + protocol: TCP + name: http + - port: {{ .Values.ruler.service.ports.grpc }} + targetPort: grpc + protocol: TCP + name: grpc + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.ruler.podLabels .Values.commonLabels ) "context" . ) }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: ruler +{{- end }} diff --git a/charts/thanos/templates/ruler/service.yaml b/charts/thanos/templates/ruler/service.yaml new file mode 100644 index 0000000000..9d2de8a712 --- /dev/null +++ b/charts/thanos/templates/ruler/service.yaml @@ -0,0 +1,64 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.ruler.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "thanos.ruler.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.ruler.service.labels .Values.commonLabels ) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: ruler + {{- include "thanos.servicemonitor.matchLabels" . | nindent 4 -}} + {{- if or .Values.ruler.service.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.ruler.service.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.ruler.service.type }} + {{- if and .Values.ruler.service.clusterIP (eq .Values.ruler.service.type "ClusterIP") }} + clusterIP: {{ .Values.ruler.service.clusterIP }} + {{- end }} + {{- if ne .Values.ruler.service.type "ClusterIP" }} + externalTrafficPolicy: {{ .Values.ruler.service.externalTrafficPolicy }} + {{- end }} + {{- if and .Values.ruler.service.loadBalancerIP (eq .Values.ruler.service.type "LoadBalancer") }} + loadBalancerIP: {{ .Values.ruler.service.loadBalancerIP }} + {{- end }} + {{- if and (eq .Values.ruler.service.type "LoadBalancer") .Values.ruler.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml .Values.ruler.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + ports: + - port: {{ .Values.ruler.service.ports.http }} + targetPort: http + protocol: TCP + name: http + {{- if and (or (eq .Values.ruler.service.type "NodePort") (eq .Values.ruler.service.type "LoadBalancer")) .Values.ruler.service.nodePorts.http }} + nodePort: {{ .Values.ruler.service.nodePorts.http }} + {{- else if eq .Values.ruler.service.type "ClusterIP" }} + nodePort: null + {{- end }} + - port: {{ .Values.ruler.service.ports.grpc }} + targetPort: grpc + protocol: TCP + name: grpc + {{- if and (or (eq .Values.ruler.service.type "NodePort") (eq .Values.ruler.service.type "LoadBalancer")) .Values.ruler.service.nodePorts.grpc }} + nodePort: {{ .Values.ruler.service.nodePorts.grpc }} + {{- else if eq .Values.ruler.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.ruler.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.ruler.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: + {{- if .Values.ruler.service.labelSelectorsOverride }} + {{- include "common.tplvalues.render" (dict "value" .Values.ruler.service.labelSelectorsOverride "context" $) | nindent 4 }} + {{- else }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.ruler.podLabels .Values.commonLabels ) "context" . ) }} + {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: ruler + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/ruler/serviceaccount.yaml b/charts/thanos/templates/ruler/serviceaccount.yaml new file mode 100644 index 0000000000..df2e526ac0 --- /dev/null +++ b/charts/thanos/templates/ruler/serviceaccount.yaml @@ -0,0 +1,19 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.ruler.enabled .Values.ruler.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "thanos.ruler.serviceAccountName" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: ruler + {{- if or .Values.ruler.serviceAccount.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.ruler.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.ruler.serviceAccount.automountServiceAccountToken }} +{{- end }} diff --git a/charts/thanos/templates/ruler/servicemonitor.yaml b/charts/thanos/templates/ruler/servicemonitor.yaml new file mode 100644 index 0000000000..37b7633f43 --- /dev/null +++ b/charts/thanos/templates/ruler/servicemonitor.yaml @@ -0,0 +1,49 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.ruler.enabled .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "thanos.ruler.fullname" . }} + namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: ruler + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.metrics.serviceMonitor.jobLabel }} + jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }} + {{- end }} + endpoints: + - port: http + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: {{ toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 8 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.relabelings }} + relabelings: {{ toYaml .Values.metrics.serviceMonitor.relabelings | nindent 8 }} + {{- end }} + {{- if .Values.https.enabled }} + scheme: https + {{- end }} + {{- if .Values.metrics.serviceMonitor.extraParameters }} + {{- toYaml .Values.metrics.serviceMonitor.extraParameters | nindent 6 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace | quote }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: ruler + {{- include "thanos.servicemonitor.selector" . | nindent 6 -}} +{{- end }} diff --git a/charts/thanos/templates/ruler/statefulset.yaml b/charts/thanos/templates/ruler/statefulset.yaml new file mode 100644 index 0000000000..347311bec1 --- /dev/null +++ b/charts/thanos/templates/ruler/statefulset.yaml @@ -0,0 +1,314 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.ruler.enabled }} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ include "thanos.ruler.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: ruler + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if not .Values.ruler.autoscaling.enabled }} + replicas: {{ .Values.ruler.replicaCount }} + {{- end }} + revisionHistoryLimit: {{ .Values.ruler.revisionHistoryLimit }} + podManagementPolicy: {{ .Values.ruler.podManagementPolicy }} + serviceName: {{ include "thanos.ruler.fullname" . }}-headless + {{- if .Values.ruler.updateStrategy }} + updateStrategy: {{- toYaml .Values.ruler.updateStrategy | nindent 4 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.ruler.podLabels .Values.commonLabels ) "context" . ) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: ruler + template: + metadata: + labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} + app.kubernetes.io/component: ruler + {{- if or .Values.ruler.podAnnotations (include "thanos.ruler.createConfigmap" .) (include "thanos.createObjstoreSecret" .) }} + annotations: + {{- if (include "thanos.createObjstoreSecret" .) }} + checksum/objstore-configuration: {{ include "thanos.objstoreConfig" . | sha256sum }} + {{- end }} + {{- if (include "thanos.ruler.createConfigmap" .) }} + checksum/ruler-configuration: {{ include "thanos.rulerConfigMap" . | sha256sum }} + {{- end }} + {{- if .Values.ruler.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.ruler.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- end }} + spec: + {{- include "thanos.imagePullSecrets" . | nindent 6 }} + serviceAccountName: {{ include "thanos.ruler.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.ruler.automountServiceAccountToken }} + {{- if .Values.ruler.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.ruler.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.ruler.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.ruler.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.ruler.podAffinityPreset "component" "ruler" "customLabels" $podLabels "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.ruler.podAntiAffinityPreset "component" "ruler" "customLabels" $podLabels "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.ruler.nodeAffinityPreset.type "key" .Values.ruler.nodeAffinityPreset.key "values" .Values.ruler.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.ruler.dnsConfig }} + dnsConfig: {{- include "common.tplvalues.render" (dict "value" .Values.ruler.dnsConfig "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.ruler.dnsPolicy }} + dnsPolicy: {{ .Values.ruler.dnsPolicy | quote }} + {{- end }} + {{- if .Values.ruler.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.ruler.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.ruler.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.ruler.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.ruler.priorityClassName }} + priorityClassName: {{ .Values.ruler.priorityClassName | quote }} + {{- end }} + {{- if .Values.ruler.schedulerName }} + schedulerName: {{ .Values.ruler.schedulerName }} + {{- end }} + {{- if .Values.ruler.podSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.ruler.podSecurityContext "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.ruler.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.ruler.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if or .Values.ruler.initContainers (and .Values.volumePermissions.enabled .Values.ruler.persistence.enabled) }} + initContainers: + {{- if and .Values.volumePermissions.enabled .Values.ruler.persistence.enabled }} + - name: init-chmod-data + image: {{ include "thanos.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - sh + - -c + - | + mkdir -p /data + chown -R "{{ .Values.ruler.containerSecurityContext.runAsUser }}:{{ .Values.ruler.podSecurityContext.fsGroup }}" /data + securityContext: + runAsUser: 0 + volumeMounts: + - name: data + mountPath: /data + {{- end }} + {{- if .Values.ruler.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.ruler.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- end }} + containers: + {{- if .Values.ruler.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.ruler.sidecars "context" $) | nindent 8 }} + {{- end }} + - name: ruler + image: {{ include "thanos.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.ruler.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.ruler.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.ruler.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.ruler.command "context" $) | nindent 12 }} + {{- end }} + args: + {{- if .Values.ruler.args }} + {{- include "common.tplvalues.render" (dict "value" .Values.ruler.args "context" $) | nindent 12 }} + {{- else }} + - rule + - --log.level={{ .Values.ruler.logLevel }} + - --log.format={{ .Values.ruler.logFormat }} + - --grpc-address=0.0.0.0:{{ .Values.ruler.containerPorts.grpc }} + - --http-address=0.0.0.0:{{ .Values.ruler.containerPorts.http }} + - --data-dir=/data + - --eval-interval={{ .Values.ruler.evalInterval }} + {{- if (include "thanos.httpConfigEnabled" .) }} + - --http.config=/conf/http/http-config.yml + {{- end }} + {{- range .Values.ruler.alertmanagers }} + - --alertmanagers.url={{ . }} + {{- end }} + {{- if .Values.ruler.alertmanagersConfig }} + - --alertmanagers.config-file=/conf/alertmanagers/alertmanagers_config.yml + {{- end }} + {{- if and .Values.query.enabled .Values.ruler.dnsDiscovery.enabled }} + - --query=dnssrv+_http._tcp.{{ include "thanos.query.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} + {{- end }} + - --alert.query-url={{- template "thanos.ruler.queryURL" .}} + - --label={{ .Values.ruler.replicaLabel }}="$(POD_NAME)" + - --label=ruler_cluster="{{ .Values.ruler.clusterName }}" + - --alert.label-drop={{ .Values.ruler.replicaLabel }} + - --objstore.config-file=/conf/objstore/objstore.yml + - --rule-file=/conf/rules/*.yml + {{- range .Values.ruler.queries }} + - --query={{ . }} + {{- end }} + {{- if .Values.ruler.extraFlags }} + {{- include "common.tplvalues.render" (dict "value" .Values.ruler.extraFlags "context" $) | nindent 12 }} + {{- end }} + {{- end }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- if .Values.ruler.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.ruler.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.ruler.extraEnvVarsCM .Values.ruler.extraEnvVarsSecret }} + envFrom: + {{- if .Values.ruler.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.ruler.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.ruler.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.ruler.extraEnvVarsSecret "context" $) }} + {{- end }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.ruler.containerPorts.http }} + protocol: TCP + - name: grpc + containerPort: {{ .Values.ruler.containerPorts.grpc }} + protocol: TCP + {{- if .Values.ruler.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.ruler.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.ruler.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.ruler.livenessProbe "enabled") "context" $) | nindent 12 }} + {{- if not .Values.auth.basicAuthUsers }} + httpGet: + path: /-/healthy + port: http + scheme: {{ ternary "HTTPS" "HTTP" .Values.https.enabled }} + {{- else }} + tcpSocket: + port: http + {{- end }} + {{- end }} + {{- if .Values.ruler.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.ruler.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.ruler.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.ruler.readinessProbe "enabled") "context" $) | nindent 12 }} + {{- if not .Values.auth.basicAuthUsers }} + httpGet: + path: /-/ready + port: http + scheme: {{ ternary "HTTPS" "HTTP" .Values.https.enabled }} + {{- else }} + tcpSocket: + port: http + {{- end }} + {{- end }} + {{- if .Values.ruler.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.ruler.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.ruler.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.ruler.startupProbe "enabled") "context" $) | nindent 12 }} + {{- if not .Values.auth.basicAuthUsers }} + httpGet: + path: /-/ready + port: http + scheme: {{ ternary "HTTPS" "HTTP" .Values.https.enabled }} + {{- else }} + tcpSocket: + port: http + {{- end }} + {{- end }} + {{- if .Values.ruler.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.ruler.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.ruler.resources }} + resources: {{- toYaml .Values.ruler.resources | nindent 12 }} + {{- else if ne .Values.ruler.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.ruler.resourcesPreset) | nindent 12 }} + {{- end }} + volumeMounts: + - name: ruler-config + mountPath: /conf/rules + - name: objstore-config + mountPath: /conf/objstore + {{- if (include "thanos.httpConfigEnabled" .) }} + - name: http-config + mountPath: /conf/http + {{- if .Values.https.enabled }} + - name: http-certs + mountPath: /certs + {{- end }} + {{- end }} + - name: data + mountPath: /data + {{- if .Values.ruler.alertmanagersConfig }} + - name: alertmanagers-config + mountPath: /conf/alertmanagers + {{- end }} + {{- if .Values.ruler.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.ruler.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + volumes: + - name: ruler-config + configMap: + name: {{ include "thanos.ruler.configmapName" . }} + - name: objstore-config + secret: + secretName: {{ include "thanos.objstoreSecretName" . }} + {{- if .Values.existingObjstoreSecretItems }} + items: {{- toYaml .Values.existingObjstoreSecretItems | nindent 14 }} + {{- end }} + {{- if (include "thanos.httpConfigEnabled" .) }} + - name: http-config + secret: + secretName: {{ include "thanos.httpConfigSecretName" . }} + {{- if .Values.https.enabled }} + - name: http-certs + secret: + secretName: {{ include "thanos.httpCertsSecretName" . }} + {{- end }} + {{- end }} + {{- if .Values.ruler.alertmanagersConfig }} + - name: alertmanagers-config + secret: + secretName: {{ include "thanos.ruler.fullname" . }}-alertmanagers-config + {{- end }} + {{- if .Values.ruler.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.ruler.extraVolumes "context" $) | nindent 8 }} + {{- end }} + {{- if and .Values.ruler.persistence.enabled .Values.ruler.persistence.existingClaim }} + - name: data + persistentVolumeClaim: + claimName: {{ .Values.ruler.persistence.existingClaim }} + {{- else if not .Values.ruler.persistence.enabled }} + - name: data + emptyDir: {} + {{- else if and .Values.ruler.persistence.enabled (not .Values.ruler.persistence.existingClaim) }} + {{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" .) -}} + {{- if .Values.ruler.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.ruler.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.ruler.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} + {{- end }} + volumeClaimTemplates: + - metadata: + name: data + {{- if .Values.ruler.persistence.annotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.ruler.persistence.annotations "context" $) | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.ruler.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.ruler.persistence.size | quote }} + {{- include "common.storage.class" (dict "persistence" .Values.ruler.persistence "global" .Values.global) | nindent 8 }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/ruler/tls-secrets.yaml b/charts/thanos/templates/ruler/tls-secrets.yaml new file mode 100644 index 0000000000..cce5283dfa --- /dev/null +++ b/charts/thanos/templates/ruler/tls-secrets.yaml @@ -0,0 +1,46 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.ruler.ingress.enabled }} +{{- if .Values.ruler.ingress.secrets }} +{{- range .Values.ruler.ingress.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" $ }}-ruler + namespace: {{ include "common.names.namespace" $ }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: ruler + {{- if $.Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ .certificate | b64enc }} + tls.key: {{ .key | b64enc }} +--- +{{- end }} +{{- end }} +{{- if and .Values.ruler.ingress.tls .Values.ruler.ingress.selfSigned }} +{{- $secretName := printf "%s-tls" .Values.ruler.ingress.hostname }} +{{- $ca := genCA "thanos-ruler-ca" 365 }} +{{- $cert := genSignedCert .Values.ruler.ingress.hostname nil (list .Values.ruler.ingress.hostname) 365 $ca }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: ruler + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} +{{- end }} +{{- end }} diff --git a/charts/thanos/templates/storegateway/configmap.yaml b/charts/thanos/templates/storegateway/configmap.yaml new file mode 100644 index 0000000000..fd0e47c7cf --- /dev/null +++ b/charts/thanos/templates/storegateway/configmap.yaml @@ -0,0 +1,19 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if (include "thanos.storegateway.createConfigmap" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "thanos.storegateway.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: storegateway + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + {{- include "thanos.storegatewayConfigMap" . | nindent 2 }} +{{- end }} diff --git a/charts/thanos/templates/storegateway/hpa-sharded.yaml b/charts/thanos/templates/storegateway/hpa-sharded.yaml new file mode 100644 index 0000000000..bf86de7740 --- /dev/null +++ b/charts/thanos/templates/storegateway/hpa-sharded.yaml @@ -0,0 +1,61 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.storegateway.enabled .Values.storegateway.autoscaling.enabled .Values.storegateway.sharded.enabled }} + +{{- $shards := int 0 }} +{{- if .Values.storegateway.sharded.hashPartitioning.shards }} + {{- $shards = int .Values.storegateway.sharded.hashPartitioning.shards }} +{{- else }} + {{- $shards = len .Values.storegateway.sharded.timePartitioning }} +{{- end }} + +{{- range $index, $_ := until $shards }} +apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ printf "%s-%s" (include "thanos.storegateway.fullname" $) (toString $index) | trunc 63 | trimSuffix "-" }} + namespace: {{ include "common.names.namespace" $ }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: storegateway + shard: {{ $index | quote }} + {{- if $.Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + scaleTargetRef: + apiVersion: {{ include "common.capabilities.statefulset.apiVersion" $ }} + kind: StatefulSet + name: {{ printf "%s-%s" (include "thanos.storegateway.fullname" $) (toString $index) | trunc 63 | trimSuffix "-" }} + minReplicas: {{ $.Values.storegateway.autoscaling.minReplicas }} + maxReplicas: {{ $.Values.storegateway.autoscaling.maxReplicas }} + metrics: + {{- if $.Values.storegateway.autoscaling.targetMemory }} + - type: Resource + resource: + name: memory + {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" $) }} + targetAverageUtilization: {{ $.Values.storegateway.autoscaling.targetMemory }} + {{- else }} + target: + type: Utilization + averageUtilization: {{ $.Values.storegateway.autoscaling.targetMemory }} + {{- end }} + {{- end }} + {{- if $.Values.storegateway.autoscaling.targetCPU }} + - type: Resource + resource: + name: cpu + {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" $) }} + targetAverageUtilization: {{ $.Values.storegateway.autoscaling.targetCPU }} + {{- else }} + target: + type: Utilization + averageUtilization: {{ $.Values.storegateway.autoscaling.targetCPU }} + {{- end }} + {{- end }} +--- +{{- end }} +{{- end }} diff --git a/charts/thanos/templates/storegateway/hpa.yaml b/charts/thanos/templates/storegateway/hpa.yaml new file mode 100644 index 0000000000..66317f168a --- /dev/null +++ b/charts/thanos/templates/storegateway/hpa.yaml @@ -0,0 +1,49 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.storegateway.enabled .Values.storegateway.autoscaling.enabled (not .Values.storegateway.sharded.enabled) }} +apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "thanos.storegateway.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: storegateway + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + scaleTargetRef: + apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} + kind: StatefulSet + name: {{ include "thanos.storegateway.fullname" . }} + minReplicas: {{ .Values.storegateway.autoscaling.minReplicas }} + maxReplicas: {{ .Values.storegateway.autoscaling.maxReplicas }} + metrics: + {{- if .Values.storegateway.autoscaling.targetMemory }} + - type: Resource + resource: + name: memory + {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} + targetAverageUtilization: {{ .Values.storegateway.autoscaling.targetMemory }} + {{- else }} + target: + type: Utilization + averageUtilization: {{ .Values.storegateway.autoscaling.targetMemory }} + {{- end }} + {{- end }} + {{- if .Values.storegateway.autoscaling.targetCPU }} + - type: Resource + resource: + name: cpu + {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} + targetAverageUtilization: {{ .Values.storegateway.autoscaling.targetCPU }} + {{- else }} + target: + type: Utilization + averageUtilization: {{ .Values.storegateway.autoscaling.targetCPU }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/storegateway/ingress-grpc.yaml b/charts/thanos/templates/storegateway/ingress-grpc.yaml new file mode 100644 index 0000000000..8f415488d6 --- /dev/null +++ b/charts/thanos/templates/storegateway/ingress-grpc.yaml @@ -0,0 +1,57 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.storegateway.ingress.grpc.enabled -}} +apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} +kind: Ingress +metadata: + name: {{ include "thanos.storegateway.fullname" . }}-grpc + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: storegateway + {{- if or .Values.storegateway.ingress.grpc.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.storegateway.ingress.grpc.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.storegateway.ingress.grpc.ingressClassName (include "common.ingress.supportsIngressClassname" .) }} + ingressClassName: {{ .Values.storegateway.ingress.grpc.ingressClassName | quote }} + {{- end }} + rules: + {{- if .Values.storegateway.ingress.grpc.hostname }} + - host: {{ include "common.tplvalues.render" ( dict "value" .Values.storegateway.ingress.grpc.hostname "context" $ ) }} + http: + paths: + - path: {{ .Values.storegateway.ingress.grpc.path }} + {{- if eq "true" (include "common.ingress.supportsPathType" .) }} + pathType: {{ .Values.storegateway.ingress.grpc.pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (printf "%s-%s" (include "common.names.fullname" .) "storegateway") "servicePort" "grpc" "context" $) | nindent 14 }} + {{- end }} + {{- range .Values.storegateway.ingress.grpc.extraHosts }} + - host: {{ .name }} + http: + paths: + - path: {{ default "/" .path }} + {{- if eq "true" (include "common.ingress.supportsPathType" $) }} + pathType: {{ default "ImplementationSpecific" .pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (printf "%s-%s" (include "common.names.fullname" $) "storegateway") "servicePort" "grpc" "context" $) | nindent 14 }} + {{- end }} + {{- if .Values.storegateway.ingress.grpc.extraRules }} + {{- include "common.tplvalues.render" (dict "value" .Values.storegateway.ingress.grpc.extraRules "context" $) | nindent 4 }} + {{- end }} + {{- if or (and .Values.storegateway.ingress.grpc.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.storegateway.ingress.grpc.annotations)) .Values.storegateway.ingress.grpc.selfSigned)) .Values.storegateway.ingress.grpc.extraTls }} + tls: + {{- if and .Values.storegateway.ingress.grpc.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.storegateway.ingress.grpc.annotations)) .Values.storegateway.ingress.grpc.selfSigned) }} + - hosts: + - {{ .Values.storegateway.ingress.grpc.hostname }} + secretName: {{ printf "%s-tls" .Values.storegateway.ingress.grpc.hostname }} + {{- end }} + {{- if .Values.storegateway.ingress.grpc.extraTls }} + {{- include "common.tplvalues.render" (dict "value" .Values.storegateway.ingress.grpc.extraTls "context" $) | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/storegateway/ingress.yaml b/charts/thanos/templates/storegateway/ingress.yaml new file mode 100644 index 0000000000..661e808e27 --- /dev/null +++ b/charts/thanos/templates/storegateway/ingress.yaml @@ -0,0 +1,57 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.storegateway.enabled .Values.storegateway.ingress.enabled -}} +apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} +kind: Ingress +metadata: + name: {{ include "thanos.storegateway.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: storegateway + {{- if or .Values.storegateway.ingress.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.storegateway.ingress.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.storegateway.ingress.ingressClassName (include "common.ingress.supportsIngressClassname" .) }} + ingressClassName: {{ .Values.storegateway.ingress.ingressClassName | quote }} + {{- end }} + rules: + {{- if .Values.storegateway.ingress.hostname }} + - host: {{ include "common.tplvalues.render" ( dict "value" .Values.storegateway.ingress.hostname "context" $ ) }} + http: + paths: + - path: {{ .Values.storegateway.ingress.path }} + {{- if eq "true" (include "common.ingress.supportsPathType" .) }} + pathType: {{ .Values.storegateway.ingress.pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (printf "%s-%s" (include "common.names.fullname" .) "storegateway") "servicePort" "http" "context" $) | nindent 14 }} + {{- end }} + {{- range .Values.storegateway.ingress.extraHosts }} + - host: {{ .name }} + http: + paths: + - path: {{ default "/" .path }} + {{- if eq "true" (include "common.ingress.supportsPathType" $) }} + pathType: {{ default "ImplementationSpecific" .pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (printf "%s-%s" (include "common.names.fullname" $) "storegateway") "servicePort" "http" "context" $) | nindent 14 }} + {{- end }} + {{- if .Values.storegateway.ingress.extraRules }} + {{- include "common.tplvalues.render" (dict "value" .Values.storegateway.ingress.extraRules "context" $) | nindent 4 }} + {{- end }} + {{- if or (and .Values.storegateway.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.storegateway.ingress.annotations )) .Values.storegateway.ingress.selfSigned)) .Values.storegateway.ingress.extraTls }} + tls: + {{- if and .Values.storegateway.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.storegateway.ingress.annotations )) .Values.storegateway.ingress.selfSigned) }} + - hosts: + - {{ .Values.storegateway.ingress.hostname }} + secretName: {{ printf "%s-tls" .Values.storegateway.ingress.hostname }} + {{- end }} + {{- if .Values.storegateway.ingress.extraTls }} + {{- include "common.tplvalues.render" (dict "value" .Values.storegateway.ingress.extraTls "context" $) | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/storegateway/networkpolicy.yaml b/charts/thanos/templates/storegateway/networkpolicy.yaml new file mode 100644 index 0000000000..11d89664ee --- /dev/null +++ b/charts/thanos/templates/storegateway/networkpolicy.yaml @@ -0,0 +1,90 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.storegateway.enabled .Values.storegateway.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "thanos.storegateway.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: storegateway + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.storegateway.podLabels .Values.commonLabels ) "context" . ) }} + podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: storegateway + policyTypes: + - Ingress + - Egress + {{- if .Values.storegateway.networkPolicy.allowExternalEgress }} + egress: + - {} + {{- else }} + egress: + # Allow dns resolution + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + # Communicate with other storegateway instances via headless service + - ports: + - port: {{ .Values.storegateway.containerPorts.http }} + - port: {{ .Values.storegateway.containerPorts.grpc }} + to: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 14 }} + app.kubernetes.io/component: storegateway + {{- if .Values.minio.enabled }} + # Communicate with minio + - ports: + - port: {{ .Values.minio.service.ports.api }} + - port: {{ .Values.minio.containerPorts.api }} + to: + - podSelector: + matchLabels: + app.kubernetes.io/name: minio + app.kubernetes.io/instance: {{ .Release.Name }} + {{- end }} + {{- if .Values.storegateway.networkPolicy.extraEgress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.storegateway.networkPolicy.extraEgress "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} + ingress: + - ports: + - port: {{ .Values.storegateway.containerPorts.http }} + - port: {{ .Values.storegateway.service.ports.http }} + - port: {{ .Values.storegateway.containerPorts.grpc }} + - port: {{ .Values.storegateway.service.ports.grpc }} + {{- if not .Values.storegateway.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }} + - podSelector: + matchLabels: + {{ template "thanos.storegateway.fullname" . }}-client: "true" + {{- if .Values.storegateway.networkPolicy.ingressNSMatchLabels }} + - namespaceSelector: + matchLabels: + {{- range $key, $value := .Values.storegateway.networkPolicy.ingressNSMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- if .Values.storegateway.networkPolicy.ingressNSPodMatchLabels }} + podSelector: + matchLabels: + {{- range $key, $value := .Values.storegateway.networkPolicy.ingressNSPodMatchLabels }} + {{ $key | quote }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.storegateway.networkPolicy.extraIngress }} + {{- include "common.tplvalues.render" ( dict "value" .Values.storegateway.networkPolicy.extraIngress "context" $ ) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/storegateway/pdb-sharded.yaml b/charts/thanos/templates/storegateway/pdb-sharded.yaml new file mode 100644 index 0000000000..757e747507 --- /dev/null +++ b/charts/thanos/templates/storegateway/pdb-sharded.yaml @@ -0,0 +1,41 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.storegateway.enabled .Values.storegateway.pdb.create .Values.storegateway.sharded.enabled }} + +{{- $shards := int 0 }} +{{- if .Values.storegateway.sharded.hashPartitioning.shards }} + {{- $shards = int .Values.storegateway.sharded.hashPartitioning.shards }} +{{- else }} + {{- $shards = len .Values.storegateway.sharded.timePartitioning }} +{{- end }} + +{{- range $index, $_ := until $shards }} +apiVersion: {{ include "common.capabilities.policy.apiVersion" $ }} +kind: PodDisruptionBudget +metadata: + name: {{ printf "%s-%s" (include "thanos.storegateway.fullname" $) (toString $index) | trunc 63 | trimSuffix "-" }} + namespace: {{ include "common.names.namespace" $ }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: storegateway + shard: {{ $index | quote }} + {{- if $.Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if $.Values.storegateway.pdb.minAvailable }} + minAvailable: {{ $.Values.storegateway.pdb.minAvailable }} + {{- end }} + {{- if or $.Values.storegateway.pdb.maxUnavailable ( not $.Values.storegateway.pdb.minAvailable ) }} + maxUnavailable: {{ $.Values.storegateway.pdb.maxUnavailable | default 1 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list $.Values.storegateway.podLabels $.Values.commonLabels ) "context" $ ) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: storegateway + shard: {{ $index | quote }} +--- +{{- end }} +{{- end }} diff --git a/charts/thanos/templates/storegateway/pdb.yaml b/charts/thanos/templates/storegateway/pdb.yaml new file mode 100644 index 0000000000..e1e3047222 --- /dev/null +++ b/charts/thanos/templates/storegateway/pdb.yaml @@ -0,0 +1,28 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.storegateway.enabled .Values.storegateway.pdb.create (not .Values.storegateway.sharded.enabled) }} +apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} +kind: PodDisruptionBudget +metadata: + name: {{ include "thanos.storegateway.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: storegateway + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.storegateway.pdb.minAvailable }} + minAvailable: {{ .Values.storegateway.pdb.minAvailable }} + {{- end }} + {{- if or .Values.storegateway.pdb.maxUnavailable ( not .Values.storegateway.pdb.minAvailable ) }} + maxUnavailable: {{ .Values.storegateway.pdb.maxUnavailable | default 1 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.storegateway.podLabels .Values.commonLabels ) "context" . ) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: storegateway +{{- end }} diff --git a/charts/thanos/templates/storegateway/service-headless.yaml b/charts/thanos/templates/storegateway/service-headless.yaml new file mode 100644 index 0000000000..ad4fa08593 --- /dev/null +++ b/charts/thanos/templates/storegateway/service-headless.yaml @@ -0,0 +1,33 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and (.Values.storegateway.enabled) (.Values.storegateway.service.additionalHeadless) -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "thanos.storegateway.fullname" . }}-headless + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: storegateway + {{- if or .Values.storegateway.service.headless.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.storegateway.service.headless.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: ClusterIP + clusterIP: None + ports: + - port: {{ .Values.storegateway.service.ports.http }} + targetPort: http + protocol: TCP + name: http + - port: {{ .Values.storegateway.service.ports.grpc }} + targetPort: grpc + protocol: TCP + name: grpc + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.storegateway.podLabels .Values.commonLabels ) "context" . ) }} + selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: storegateway +{{- end }} diff --git a/charts/thanos/templates/storegateway/service-sharded.yaml b/charts/thanos/templates/storegateway/service-sharded.yaml new file mode 100644 index 0000000000..e5ef3807b6 --- /dev/null +++ b/charts/thanos/templates/storegateway/service-sharded.yaml @@ -0,0 +1,79 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.storegateway.enabled .Values.storegateway.sharded.enabled }} + +{{- $shards := int 0 }} +{{- if .Values.storegateway.sharded.hashPartitioning.shards }} + {{- $shards = int .Values.storegateway.sharded.hashPartitioning.shards }} +{{- else }} + {{- $shards = len .Values.storegateway.sharded.timePartitioning }} +{{- end }} + +{{- range $index, $_ := until $shards }} +apiVersion: v1 +kind: Service +metadata: + {{- $svcNamePrefix := include "thanos.storegateway.fullname" $ }} + name: {{ printf "%s-%s" $svcNamePrefix (toString $index) }} + namespace: {{ include "common.names.namespace" $ }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: storegateway + shard: {{ $index | quote }} + {{- if and $.Values.metrics.enabled $.Values.metrics.serviceMonitor.enabled }} + prometheus-operator/monitor: 'true' + {{- end }} + {{- if or $.Values.storegateway.service.annotations $.Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list $.Values.storegateway.service.annotations $.Values.commonAnnotations ) "context" $ ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: {{ $.Values.storegateway.service.type }} + {{- if ne "false" (include "thanos.validateValues.storegateway.sharded.length" (dict "property" $.Values.storegateway.sharded.service.clusterIPs "context" $) ) }} + clusterIP: {{ index $.Values.storegateway.sharded.service.clusterIPs $index }} + {{- end }} + {{- if ne $.Values.storegateway.service.type "ClusterIP" }} + externalTrafficPolicy: {{ $.Values.storegateway.service.externalTrafficPolicy }} + {{- end }} + {{- if ne "false" (include "thanos.validateValues.storegateway.sharded.length" (dict "property" $.Values.storegateway.sharded.service.loadBalancerIPs "context" $) ) }} + loadBalancerIP: {{ $.Values.storegateway.sharded.service.loadBalancerIPs }} + {{- end }} + {{- if and (eq $.Values.storegateway.service.type "LoadBalancer") $.Values.storegateway.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml $.Values.storegateway.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + ports: + - port: {{ $.Values.storegateway.service.ports.http }} + targetPort: http + protocol: TCP + name: http + {{- if ne "false" (include "thanos.validateValues.storegateway.sharded.length" (dict "property" $.Values.storegateway.sharded.service.http.nodePorts "context" $) ) }} + nodePort: {{ index $.Values.storegateway.sharded.service.http.nodePorts $index }} + {{- else if eq $.Values.storegateway.service.type "ClusterIP" }} + nodePort: null + {{- end }} + - port: {{ $.Values.storegateway.service.ports.grpc }} + targetPort: grpc + protocol: TCP + name: grpc + {{- if ne "false" (include "thanos.validateValues.storegateway.sharded.length" (dict "property" $.Values.storegateway.sharded.service.grpc.nodePorts "context" $) ) }} + nodePort: {{ index $.Values.storegateway.sharded.service.grpc.nodePorts $index }} + {{- else if eq $.Values.storegateway.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if $.Values.storegateway.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" $.Values.storegateway.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: + {{- if $.Values.storegateway.service.labelSelectorsOverride }} + {{- include "common.tplvalues.render" (dict "value" $.Values.storegateway.service.labelSelectorsOverride "context" $) | nindent 4 }} + {{- else }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list $.Values.storegateway.podLabels $.Values.commonLabels ) "context" $ ) }} + {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: storegateway + shard: {{ $index | quote }} + {{- end }} +--- +{{- end }} +{{- end }} diff --git a/charts/thanos/templates/storegateway/service.yaml b/charts/thanos/templates/storegateway/service.yaml new file mode 100644 index 0000000000..c0bc95a2ed --- /dev/null +++ b/charts/thanos/templates/storegateway/service.yaml @@ -0,0 +1,64 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.storegateway.enabled (not .Values.storegateway.sharded.enabled) }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "thanos.storegateway.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.storegateway.service.labels .Values.commonLabels ) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: storegateway + {{- include "thanos.servicemonitor.matchLabels" . | nindent 4 -}} + {{- if or .Values.storegateway.service.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.storegateway.service.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.storegateway.service.type }} + {{- if and .Values.storegateway.service.clusterIP (eq .Values.storegateway.service.type "ClusterIP") }} + clusterIP: {{ .Values.storegateway.service.clusterIP }} + {{- end }} + {{- if ne .Values.storegateway.service.type "ClusterIP" }} + externalTrafficPolicy: {{ .Values.storegateway.service.externalTrafficPolicy }} + {{- end }} + {{- if and .Values.storegateway.service.loadBalancerIP (eq .Values.storegateway.service.type "LoadBalancer") }} + loadBalancerIP: {{ .Values.storegateway.service.loadBalancerIP }} + {{- end }} + {{- if and (eq .Values.storegateway.service.type "LoadBalancer") .Values.storegateway.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml .Values.storegateway.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + ports: + - port: {{ .Values.storegateway.service.ports.http }} + targetPort: http + protocol: TCP + name: http + {{- if and (or (eq .Values.storegateway.service.type "NodePort") (eq .Values.storegateway.service.type "LoadBalancer")) .Values.storegateway.service.nodePorts.http }} + nodePort: {{ .Values.storegateway.service.nodePorts.http }} + {{- else if eq .Values.storegateway.service.type "ClusterIP" }} + nodePort: null + {{- end }} + - port: {{ .Values.storegateway.service.ports.grpc }} + targetPort: grpc + protocol: TCP + name: grpc + {{- if and (or (eq .Values.storegateway.service.type "NodePort") (eq .Values.storegateway.service.type "LoadBalancer")) .Values.storegateway.service.nodePorts.grpc }} + nodePort: {{ .Values.storegateway.service.nodePorts.grpc }} + {{- else if eq .Values.storegateway.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.storegateway.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.storegateway.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: + {{- if .Values.storegateway.service.labelSelectorsOverride }} + {{- include "common.tplvalues.render" (dict "value" .Values.storegateway.service.labelSelectorsOverride "context" $) | nindent 4 }} + {{- else }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.storegateway.podLabels .Values.commonLabels ) "context" . ) }} + {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: storegateway + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/storegateway/serviceaccount.yaml b/charts/thanos/templates/storegateway/serviceaccount.yaml new file mode 100644 index 0000000000..49cf0b4f41 --- /dev/null +++ b/charts/thanos/templates/storegateway/serviceaccount.yaml @@ -0,0 +1,19 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.storegateway.enabled .Values.storegateway.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "thanos.storegateway.serviceAccountName" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: storegateway + {{- if or .Values.storegateway.serviceAccount.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.storegateway.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.storegateway.serviceAccount.automountServiceAccountToken }} +{{- end }} diff --git a/charts/thanos/templates/storegateway/servicemonitor.yaml b/charts/thanos/templates/storegateway/servicemonitor.yaml new file mode 100644 index 0000000000..c6235586eb --- /dev/null +++ b/charts/thanos/templates/storegateway/servicemonitor.yaml @@ -0,0 +1,49 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.storegateway.enabled .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "thanos.storegateway.fullname" . }} + namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: storegateway + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.metrics.serviceMonitor.jobLabel }} + jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }} + {{- end }} + endpoints: + - port: http + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: {{ toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 8 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.relabelings }} + relabelings: {{ toYaml .Values.metrics.serviceMonitor.relabelings | nindent 8 }} + {{- end }} + {{- if .Values.https.enabled }} + scheme: https + {{- end }} + {{- if .Values.metrics.serviceMonitor.extraParameters }} + {{- toYaml .Values.metrics.serviceMonitor.extraParameters | nindent 6 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace | quote }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: storegateway + {{- include "thanos.servicemonitor.selector" . | nindent 6 -}} +{{- end }} diff --git a/charts/thanos/templates/storegateway/statefulset-sharded.yaml b/charts/thanos/templates/storegateway/statefulset-sharded.yaml new file mode 100644 index 0000000000..97457b6eb0 --- /dev/null +++ b/charts/thanos/templates/storegateway/statefulset-sharded.yaml @@ -0,0 +1,361 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.storegateway.enabled .Values.storegateway.sharded.enabled }} + +{{- $shards := int 0 }} +{{- $hashPartitioning := false }} +{{- $timePartitioning := false }} +{{- if .Values.storegateway.sharded.hashPartitioning.shards }} + {{- $shards = int .Values.storegateway.sharded.hashPartitioning.shards }} + {{- $hashPartitioning = true }} +{{- else }} + {{- $shards = len .Values.storegateway.sharded.timePartitioning }} + {{- $timePartitioning = true }} +{{- end }} + +{{- range $index, $_ := until $shards }} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" $ }} +kind: StatefulSet +metadata: + name: {{ printf "%s-%s" (include "thanos.storegateway.fullname" $) (toString $index) | trunc 63 | trimSuffix "-" }} + namespace: {{ include "common.names.namespace" $ }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: storegateway + shard: {{ $index | quote }} + {{- if $.Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if not $.Values.storegateway.autoscaling.enabled }} + replicas: {{ $.Values.storegateway.replicaCount }} + {{- end }} + revisionHistoryLimit: {{ $.Values.storegateway.revisionHistoryLimit }} + podManagementPolicy: {{ $.Values.storegateway.podManagementPolicy }} + {{- $svcNamePrefix := printf "%s-storegateway" (include "common.names.fullname" $) | trunc 61 | trimSuffix "-" }} + serviceName: {{ printf "%s-%s" $svcNamePrefix (toString $index) }} + {{- if $.Values.storegateway.updateStrategy }} + updateStrategy: {{- toYaml $.Values.storegateway.updateStrategy | nindent 4 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list $.Values.storegateway.podLabels $.Values.commonLabels ) "context" $ ) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: storegateway + shard: {{ $index | quote }} + template: + metadata: + labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} + app.kubernetes.io/component: storegateway + shard: {{ $index | quote }} + {{- if or $.Values.storegateway.podAnnotations (include "thanos.storegateway.createConfigmap" $) (include "thanos.createObjstoreSecret" $) }} + annotations: + {{- if (include "thanos.createObjstoreSecret" $) }} + checksum/objstore-configuration: {{ include "thanos.objstoreConfig" $ | sha256sum }} + {{- end }} + {{- if (include "thanos.storegateway.createConfigmap" $) }} + checksum/storegateway-configuration: {{ include "thanos.storegatewayConfigMap" $ | sha256sum }} + {{- end }} + {{- if $.Values.storegateway.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" $.Values.storegateway.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- end }} + spec: + {{- include "thanos.imagePullSecrets" $ | nindent 6 }} + serviceAccountName: {{ include "thanos.storegateway.serviceAccountName" $ }} + automountServiceAccountToken: {{ $.Values.storegateway.automountServiceAccountToken }} + {{- if $.Values.storegateway.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" $.Values.storegateway.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if $.Values.storegateway.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" $.Values.storegateway.affinity "context" (set $ "shardLoopId" $index)) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" $.Values.storegateway.podAffinityPreset "component" "storegateway" "customLabels" $podLabels "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" $.Values.storegateway.podAntiAffinityPreset "component" "storegateway" "customLabels" $podLabels "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" $.Values.storegateway.nodeAffinityPreset.type "key" $.Values.storegateway.nodeAffinityPreset.key "values" $.Values.storegateway.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if $.Values.storegateway.dnsConfig }} + dnsConfig: {{- include "common.tplvalues.render" (dict "value" $.Values.storegateway.dnsConfig "context" $) | nindent 8 }} + {{- end }} + {{- if $.Values.storegateway.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" $.Values.storegateway.nodeSelector "context" (set $ "shardLoopId" $index)) | nindent 8 }} + {{- end }} + {{- if $.Values.storegateway.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" $.Values.storegateway.tolerations "context" (set $ "shardLoopId" $index)) | nindent 8 }} + {{- end }} + {{- if $.Values.storegateway.priorityClassName }} + priorityClassName: {{ $.Values.storegateway.priorityClassName | quote }} + {{- end }} + {{- if $.Values.storegateway.schedulerName }} + schedulerName: {{ $.Values.storegateway.schedulerName }} + {{- end }} + {{- if $.Values.storegateway.podSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" $.Values.storegateway.podSecurityContext "context" $) | nindent 8 }} + {{- end }} + {{- if $.Values.storegateway.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" $.Values.storegateway.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if or $.Values.storegateway.initContainers (and $.Values.volumePermissions.enabled $.Values.storegateway.persistence.enabled) }} + initContainers: + {{- if and $.Values.volumePermissions.enabled $.Values.storegateway.persistence.enabled }} + - name: init-chmod-data + image: {{ include "thanos.volumePermissions.image" $ }} + imagePullPolicy: {{ $.Values.volumePermissions.image.pullPolicy | quote }} + command: + - sh + - -c + - | + mkdir -p /data + chown -R "{{ $.Values.storegateway.containerSecurityContext.runAsUser }}:{{ $.Values.storegateway.podSecurityContext.fsGroup }}" /data + securityContext: + runAsUser: 0 + volumeMounts: + - name: data + mountPath: /data + {{- end }} + {{- if $.Values.storegateway.initContainers }} + {{- include "common.tplvalues.render" (dict "value" $.Values.storegateway.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- end }} + containers: + {{- if $.Values.storegateway.sidecars }} + {{- include "common.tplvalues.render" (dict "value" $.Values.storegateway.sidecars "context" $) | nindent 8 }} + {{- end }} + - name: storegateway + image: {{ include "thanos.image" $ }} + imagePullPolicy: {{ $.Values.image.pullPolicy | quote }} + {{- if $.Values.storegateway.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" $.Values.storegateway.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- if $.Values.storegateway.command }} + command: {{- include "common.tplvalues.render" (dict "value" $.Values.storegateway.command "context" $) | nindent 12 }} + {{- end }} + args: + {{- if $.Values.storegateway.args }} + {{- include "common.tplvalues.render" (dict "value" $.Values.storegateway.args "context" $) | nindent 12 }} + {{- else }} + - store + - --log.level={{ $.Values.storegateway.logLevel }} + - --log.format={{ $.Values.storegateway.logFormat }} + - --grpc-address=0.0.0.0:{{ $.Values.storegateway.containerPorts.grpc }} + - --http-address=0.0.0.0:{{ $.Values.storegateway.containerPorts.http }} + - --data-dir=/data + - --objstore.config-file=/conf/objstore.yml + {{- if (include "thanos.httpConfigEnabled" $) }} + - --http.config=/conf/http/http-config.yml + {{- end }} + {{- if $.Values.indexCacheConfig }} + - --index-cache.config-file=/conf/cache/index-cache.yml + {{- end }} + {{- if $.Values.bucketCacheConfig }} + - --store.caching-bucket.config-file=/conf/cache/bucket-cache.yml + {{- end }} + {{- if or (include "thanos.storegateway.createConfigmap" $) $.Values.storegateway.existingConfigmap }} + - --index-cache.config-file=/conf/cache/config.yml + {{- end }} + {{- if $.Values.storegateway.grpc.server.tls.enabled }} + - --grpc-server-tls-cert=/certs/grpc/{{ include "common.secrets.key" (dict "existingSecret" $.Values.storegateway.grpc.server.tls.existingSecret "key" "tls-cert") }} + - --grpc-server-tls-key=/certs/grpc/{{ include "common.secrets.key" (dict "existingSecret" $.Values.storegateway.grpc.server.tls.existingSecret "key" "tls-key") }} + {{- if $.Values.storegateway.grpc.server.tls.clientAuthEnabled }} + - --grpc-server-tls-client-ca=/certs/grpc/{{ include "common.secrets.key" (dict "existingSecret" $.Values.storegateway.grpc.server.tls.existingSecret "key" "ca-cert") }} + {{- end }} + {{- end }} + {{- if $hashPartitioning }} + - | + --selector.relabel-config= + - action: hashmod + source_labels: ["__block_id"] + target_label: shard + modulus: {{ $shards }} + - action: keep + source_labels: ["shard"] + regex: {{ $index }} + {{- end }} + {{- if $timePartitioning }} + {{- $partion := (slice $.Values.storegateway.sharded.timePartitioning $index) | first }} + {{- if $partion.max }} + - --max-time={{ $partion.max }} + {{- end }} + {{- if $partion.min }} + - --min-time={{ $partion.min }} + {{- end }} + {{- end }} + {{- if $.Values.storegateway.extraFlags }} + {{- $.Values.storegateway.extraFlags | toYaml | nindent 12 }} + {{- end }} + {{- end }} + {{- if $.Values.storegateway.extraEnvVars }} + env: {{- include "common.tplvalues.render" (dict "value" $.Values.storegateway.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or $.Values.storegateway.extraEnvVarsCM $.Values.storegateway.extraEnvVarsSecret }} + envFrom: + {{- if $.Values.storegateway.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" $.Values.storegateway.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if $.Values.storegateway.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" $.Values.storegateway.extraEnvVarsSecret "context" $) }} + {{- end }} + {{- end }} + ports: + - name: http + containerPort: {{ $.Values.storegateway.containerPorts.http }} + protocol: TCP + - name: grpc + containerPort: {{ $.Values.storegateway.containerPorts.grpc }} + protocol: TCP + {{- if $.Values.storegateway.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" $.Values.storegateway.customLivenessProbe "context" $) | nindent 12 }} + {{- else if $.Values.storegateway.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit $.Values.storegateway.livenessProbe "enabled") "context" $) | nindent 12 }} + {{- if not $.Values.auth.basicAuthUsers }} + httpGet: + path: /-/healthy + port: http + scheme: {{ ternary "HTTPS" "HTTP" $.Values.https.enabled }} + {{- else }} + tcpSocket: + port: http + {{- end }} + {{- end }} + {{- if $.Values.storegateway.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" $.Values.storegateway.customReadinessProbe "context" $) | nindent 12 }} + {{- else if $.Values.storegateway.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit $.Values.storegateway.readinessProbe "enabled") "context" $) | nindent 12 }} + {{- if not $.Values.auth.basicAuthUsers }} + httpGet: + path: /-/ready + port: http + scheme: {{ ternary "HTTPS" "HTTP" $.Values.https.enabled }} + {{- else }} + tcpSocket: + port: http + {{- end }} + {{- end }} + {{- if $.Values.storegateway.customReadinessProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" $.Values.storegateway.customStartupProbe "context" $) | nindent 12 }} + {{- else if $.Values.storegateway.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit $.Values.storegateway.startupProbe "enabled") "context" $) | nindent 12 }} + {{- if not $.Values.auth.basicAuthUsers }} + httpGet: + path: /-/ready + port: http + scheme: {{ ternary "HTTPS" "HTTP" $.Values.https.enabled }} + {{- else }} + tcpSocket: + port: http + {{- end }} + {{- end }} + {{- if $.Values.storegateway.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" $.Values.storegateway.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- if $timePartitioning }} + {{- $partion := (slice $.Values.storegateway.sharded.timePartitioning $index) | first }} + {{- if $partion.resources }} + resources: {{- toYaml $partion.resources | nindent 12 }} + {{- else if $.Values.storegateway.resources }} + resources: {{- toYaml $.Values.storegateway.resources | nindent 12 }} + {{- else if ne $.Values.storegateway.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" $.Values.storegateway.resourcesPreset) | nindent 12 }} + {{- end }} + {{- else -}} + {{- if $.Values.storegateway.resources }} + resources: {{- toYaml $.Values.storegateway.resources | nindent 12 }} + {{- else if ne $.Values.storegateway.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" $.Values.storegateway.resourcesPreset) | nindent 12 }} + {{- end }} + {{- end }} + volumeMounts: + - name: objstore-config + mountPath: /conf + {{- if (include "thanos.httpConfigEnabled" $) }} + - name: http-config + mountPath: /conf/http + {{- if $.Values.https.enabled }} + - name: http-certs + mountPath: /certs + {{- end }} + {{- end }} + - name: data + mountPath: /data + {{- if or (include "thanos.storegateway.createConfigmap" $) $.Values.storegateway.existingConfigmap }} + - name: cache-config + mountPath: /conf/cache + {{- end }} + {{- if $.Values.storegateway.grpc.server.tls.enabled }} + - name: grpc-server-tls + mountPath: /certs/grpc + {{- end }} + {{- if $.Values.storegateway.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" $.Values.storegateway.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + volumes: + - name: objstore-config + secret: + secretName: {{ include "thanos.objstoreSecretName" $ }} + {{- if $.Values.existingObjstoreSecretItems }} + items: {{- toYaml $.Values.existingObjstoreSecretItems | nindent 14 }} + {{- end }} + {{- if (include "thanos.httpConfigEnabled" $) }} + - name: http-config + secret: + secretName: {{ include "thanos.httpConfigSecretName" $ }} + {{- if $.Values.https.enabled }} + - name: http-certs + secret: + secretName: {{ include "thanos.httpCertsSecretName" $ }} + {{- end }} + {{- end }} + {{- if $.Values.storegateway.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" $.Values.storegateway.extraVolumes "context" $) | nindent 8 }} + {{- end }} + {{- if or (include "thanos.storegateway.createConfigmap" $) $.Values.storegateway.existingConfigmap }} + - name: cache-config + configMap: + name: {{ include "thanos.storegateway.configmapName" $ }} + {{- end }} + {{- if $.Values.storegateway.grpc.server.tls.enabled }} + - name: grpc-server-tls + secret: + secretName: {{ include "common.secrets.name" (dict "existingSecret" $.Values.storegateway.grpc.server.tls.existingSecret "defaultNameSuffix" "store-grpc-server" "context" $) }} + {{- end }} + {{- if and $.Values.storegateway.persistence.enabled $.Values.storegateway.persistence.existingClaim }} + - name: data + persistentVolumeClaim: + claimName: {{ $.Values.storegateway.persistence.existingClaim }} + {{- else if not $.Values.storegateway.persistence.enabled }} + - name: data + emptyDir: {} + {{- else if and $.Values.storegateway.persistence.enabled (not $.Values.storegateway.persistence.existingClaim) }} + {{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" $) -}} + {{- if $.Values.storegateway.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ $.Values.storegateway.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ $.Values.storegateway.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} + {{- end }} + volumeClaimTemplates: + - metadata: + name: data + {{- if $.Values.storegateway.persistence.labels }} + labels: {{- include "common.tplvalues.render" ( dict "value" $.Values.storegateway.persistence.labels "context" $) | nindent 10 }} + {{- end }} + {{- if $.Values.storegateway.persistence.annotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.storegateway.persistence.annotations "context" $) | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range $.Values.storegateway.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ $.Values.storegateway.persistence.size | quote }} + {{- include "common.storage.class" (dict "persistence" $.Values.storegateway.persistence "global" $.Values.global) | nindent 8 }} + {{- end }} +--- +{{- end }} +{{- end }} diff --git a/charts/thanos/templates/storegateway/statefulset.yaml b/charts/thanos/templates/storegateway/statefulset.yaml new file mode 100644 index 0000000000..5333f2c34d --- /dev/null +++ b/charts/thanos/templates/storegateway/statefulset.yaml @@ -0,0 +1,314 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if and .Values.storegateway.enabled (not .Values.storegateway.sharded.enabled) }} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ include "thanos.storegateway.fullname" . }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: storegateway + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if not .Values.storegateway.autoscaling.enabled }} + replicas: {{ .Values.storegateway.replicaCount }} + {{- end }} + revisionHistoryLimit: {{ .Values.storegateway.revisionHistoryLimit }} + podManagementPolicy: {{ .Values.storegateway.podManagementPolicy }} + serviceName: {{ include "thanos.storegateway.fullname" . }}-headless + {{- if .Values.storegateway.updateStrategy }} + updateStrategy: {{- toYaml .Values.storegateway.updateStrategy | nindent 4 }} + {{- end }} + {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.storegateway.podLabels .Values.commonLabels ) "context" . ) }} + selector: + matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} + app.kubernetes.io/component: storegateway + template: + metadata: + labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} + app.kubernetes.io/component: storegateway + {{- if or .Values.storegateway.podAnnotations (include "thanos.storegateway.createConfigmap" $) (include "thanos.createObjstoreSecret" $) }} + annotations: + {{- if (include "thanos.createObjstoreSecret" .) }} + checksum/objstore-configuration: {{ include "thanos.objstoreConfig" . | sha256sum }} + {{- end }} + {{- if (include "thanos.storegateway.createConfigmap" .) }} + checksum/storegateway-configuration: {{ include "thanos.storegatewayConfigMap" . | sha256sum }} + {{- end }} + {{- if .Values.storegateway.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.storegateway.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- end }} + spec: + {{- include "thanos.imagePullSecrets" . | nindent 6 }} + serviceAccountName: {{ include "thanos.storegateway.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.storegateway.automountServiceAccountToken }} + {{- if .Values.storegateway.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.storegateway.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.storegateway.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.storegateway.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.storegateway.podAffinityPreset "component" "storegateway" "customLabels" $podLabels "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.storegateway.podAntiAffinityPreset "component" "storegateway" "customLabels" $podLabels "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.storegateway.nodeAffinityPreset.type "key" .Values.storegateway.nodeAffinityPreset.key "values" .Values.storegateway.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.storegateway.dnsConfig }} + dnsConfig: {{- include "common.tplvalues.render" (dict "value" .Values.storegateway.dnsConfig "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.storegateway.dnsPolicy }} + dnsPolicy: {{ .Values.storegateway.dnsPolicy | quote }} + {{- end }} + {{- if .Values.storegateway.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.storegateway.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.storegateway.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.storegateway.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.storegateway.priorityClassName }} + priorityClassName: {{ .Values.storegateway.priorityClassName | quote }} + {{- end }} + {{- if .Values.storegateway.schedulerName }} + schedulerName: {{ .Values.storegateway.schedulerName }} + {{- end }} + {{- if .Values.storegateway.podSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.storegateway.podSecurityContext "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.storegateway.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.storegateway.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if or .Values.storegateway.initContainers (and .Values.volumePermissions.enabled .Values.storegateway.persistence.enabled) }} + initContainers: + {{- if and .Values.volumePermissions.enabled .Values.storegateway.persistence.enabled }} + - name: init-chmod-data + image: {{ include "thanos.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - sh + - -c + - | + mkdir -p /data + chown -R "{{ .Values.storegateway.containerSecurityContext.runAsUser }}:{{ .Values.storegateway.podSecurityContext.fsGroup }}" /data + securityContext: + runAsUser: 0 + volumeMounts: + - name: data + mountPath: /data + {{- end }} + {{- if .Values.storegateway.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.storegateway.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- end }} + containers: + {{- if .Values.storegateway.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.storegateway.sidecars "context" $) | nindent 8 }} + {{- end }} + - name: storegateway + image: {{ include "thanos.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.storegateway.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.storegateway.containerSecurityContext "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.storegateway.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.storegateway.command "context" $) | nindent 12 }} + {{- end }} + args: + {{- if .Values.storegateway.args }} + {{- include "common.tplvalues.render" (dict "value" .Values.storegateway.args "context" $) | nindent 12 }} + {{- else }} + - store + - --log.level={{ .Values.storegateway.logLevel }} + - --log.format={{ .Values.storegateway.logFormat }} + - --grpc-address=0.0.0.0:{{ .Values.storegateway.containerPorts.grpc }} + - --http-address=0.0.0.0:{{ .Values.storegateway.containerPorts.http }} + - --data-dir=/data + - --objstore.config-file=/conf/objstore.yml + {{- if (include "thanos.httpConfigEnabled" .) }} + - --http.config=/conf/http/http-config.yml + {{- end }} + {{- if .Values.indexCacheConfig }} + - --index-cache.config-file=/conf/cache/index-cache.yml + {{- end }} + {{- if .Values.bucketCacheConfig }} + - --store.caching-bucket.config-file=/conf/cache/bucket-cache.yml + {{- end }} + {{- if or .Values.storegateway.config .Values.storegateway.existingConfigmap }} + - --index-cache.config-file=/conf/cache/config.yml + {{- end }} + {{- if .Values.storegateway.grpc.server.tls.enabled }} + - --grpc-server-tls-cert=/certs/grpc/{{ include "common.secrets.key" (dict "existingSecret" .Values.storegateway.grpc.server.tls.existingSecret "key" "tls-cert") }} + - --grpc-server-tls-key=/certs/grpc/{{ include "common.secrets.key" (dict "existingSecret" .Values.storegateway.grpc.server.tls.existingSecret "key" "tls-key") }} + {{- if .Values.storegateway.grpc.server.tls.clientAuthEnabled }} + - --grpc-server-tls-client-ca=/certs/grpc/{{ include "common.secrets.key" (dict "existingSecret" .Values.storegateway.grpc.server.tls.existingSecret "key" "ca-cert") }} + {{- end }} + {{- end }} + {{- if .Values.storegateway.extraFlags }} + {{- include "common.tplvalues.render" (dict "value" .Values.storegateway.extraFlags "context" $) | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.storegateway.extraEnvVars }} + env: {{- include "common.tplvalues.render" (dict "value" .Values.storegateway.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.storegateway.extraEnvVarsCM .Values.storegateway.extraEnvVarsSecret }} + envFrom: + {{- if .Values.storegateway.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.storegateway.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.storegateway.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.storegateway.extraEnvVarsSecret "context" $) }} + {{- end }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.storegateway.containerPorts.http }} + protocol: TCP + - name: grpc + containerPort: {{ .Values.storegateway.containerPorts.grpc }} + protocol: TCP + {{- if .Values.storegateway.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.storegateway.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.storegateway.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.storegateway.livenessProbe "enabled") "context" $) | nindent 12 }} + {{- if not .Values.auth.basicAuthUsers }} + httpGet: + path: /-/healthy + port: http + scheme: {{ ternary "HTTPS" "HTTP" .Values.https.enabled }} + {{- else }} + tcpSocket: + port: http + {{- end }} + {{- end }} + {{- if .Values.storegateway.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.storegateway.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.storegateway.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.storegateway.readinessProbe "enabled") "context" $) | nindent 12 }} + {{- if not .Values.auth.basicAuthUsers }} + httpGet: + path: /-/ready + port: http + scheme: {{ ternary "HTTPS" "HTTP" .Values.https.enabled }} + {{- else }} + tcpSocket: + port: http + {{- end }} + {{- end }} + {{- if .Values.storegateway.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.storegateway.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.storegateway.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.storegateway.startupProbe "enabled") "context" $) | nindent 12 }} + {{- if not .Values.auth.basicAuthUsers }} + httpGet: + path: /-/ready + port: http + scheme: {{ ternary "HTTPS" "HTTP" .Values.https.enabled }} + {{- else }} + tcpSocket: + port: http + {{- end }} + {{- end }} + {{- if .Values.storegateway.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.storegateway.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.storegateway.resources }} + resources: {{- toYaml .Values.storegateway.resources | nindent 12 }} + {{- else if ne .Values.storegateway.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.storegateway.resourcesPreset) | nindent 12 }} + {{- end }} + volumeMounts: + {{- if (include "thanos.httpConfigEnabled" .) }} + - name: http-config + mountPath: /conf/http + {{- if .Values.https.enabled }} + - name: http-certs + mountPath: /certs + {{- end }} + {{- end }} + - name: objstore-config + mountPath: /conf + - name: data + mountPath: /data + {{- if or (include "thanos.storegateway.createConfigmap" .) .Values.storegateway.existingConfigmap }} + - name: cache-config + mountPath: /conf/cache + {{- end }} + {{- if .Values.storegateway.grpc.server.tls.enabled }} + - name: grpc-server-tls + mountPath: /certs/grpc + {{- end }} + {{- if .Values.storegateway.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.storegateway.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + volumes: + - name: objstore-config + secret: + secretName: {{ include "thanos.objstoreSecretName" . }} + {{- if .Values.existingObjstoreSecretItems }} + items: {{- toYaml .Values.existingObjstoreSecretItems | nindent 14 }} + {{- end }} + {{- if .Values.storegateway.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.storegateway.extraVolumes "context" $) | nindent 8 }} + {{- end }} + {{- if or (include "thanos.storegateway.createConfigmap" .) .Values.storegateway.existingConfigmap }} + - name: cache-config + configMap: + name: {{ include "thanos.storegateway.configmapName" . }} + {{- end }} + {{- if (include "thanos.httpConfigEnabled" .) }} + - name: http-config + secret: + secretName: {{ include "thanos.httpConfigSecretName" . }} + {{- if .Values.https.enabled }} + - name: http-certs + secret: + secretName: {{ include "thanos.httpCertsSecretName" . }} + {{- end }} + {{- end }} + {{- if .Values.storegateway.grpc.server.tls.enabled }} + - name: grpc-server-tls + secret: + secretName: {{ include "common.secrets.name" (dict "existingSecret" .Values.storegateway.grpc.server.tls.existingSecret "defaultNameSuffix" "store-grpc-server" "context" $) }} + {{- end }} + {{- if and .Values.storegateway.persistence.enabled .Values.storegateway.persistence.existingClaim }} + - name: data + persistentVolumeClaim: + claimName: {{ .Values.storegateway.persistence.existingClaim }} + {{- else if not .Values.storegateway.persistence.enabled }} + - name: data + emptyDir: {} + {{- else if and .Values.storegateway.persistence.enabled (not .Values.storegateway.persistence.existingClaim) }} + {{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" .) -}} + {{- if .Values.storegateway.persistentVolumeClaimRetentionPolicy.enabled }} + persistentVolumeClaimRetentionPolicy: + whenDeleted: {{ .Values.storegateway.persistentVolumeClaimRetentionPolicy.whenDeleted }} + whenScaled: {{ .Values.storegateway.persistentVolumeClaimRetentionPolicy.whenScaled }} + {{- end }} + {{- end }} + volumeClaimTemplates: + - metadata: + name: data + {{- if .Values.storegateway.persistence.labels }} + labels: {{- include "common.tplvalues.render" ( dict "value" .Values.storegateway.persistence.labels "context" $) | nindent 10 }} + {{- end }} + {{- if .Values.storegateway.persistence.annotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.storegateway.persistence.annotations "context" $) | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.storegateway.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.storegateway.persistence.size | quote }} + {{- include "common.storage.class" (dict "persistence" .Values.storegateway.persistence "global" .Values.global) | nindent 8 }} + {{- end }} +{{- end }} diff --git a/charts/thanos/templates/storegateway/tls-secrets.yaml b/charts/thanos/templates/storegateway/tls-secrets.yaml new file mode 100644 index 0000000000..69e7c48f87 --- /dev/null +++ b/charts/thanos/templates/storegateway/tls-secrets.yaml @@ -0,0 +1,46 @@ +{{- /* +Copyright Broadcom, Inc. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.storegateway.ingress.enabled }} +{{- if .Values.storegateway.ingress.secrets }} +{{- range .Values.storegateway.ingress.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" $ }}-storegateway + namespace: {{ include "common.names.namespace" $ }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: storegateway + {{- if $.Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ .certificate | b64enc }} + tls.key: {{ .key | b64enc }} +--- +{{- end }} +{{- end }} +{{- if and .Values.storegateway.ingress.tls .Values.storegateway.ingress.selfSigned }} +{{- $secretName := printf "%s-tls" .Values.storegateway.ingress.hostname }} +{{- $ca := genCA "thanos-storegateway-ca" 365 }} +{{- $cert := genSignedCert .Values.storegateway.ingress.hostname nil (list .Values.storegateway.ingress.hostname) 365 $ca }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + namespace: {{ include "common.names.namespace" . }} + labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} + app.kubernetes.io/component: storegateway + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} +{{- end }} +{{- end }} diff --git a/charts/thanos/values.yaml b/charts/thanos/values.yaml new file mode 100644 index 0000000000..eb2bae358f --- /dev/null +++ b/charts/thanos/values.yaml @@ -0,0 +1,5015 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +## @section Global parameters +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s) +## @param global.storageClass DEPRECATED: use global.defaultStorageClass instead +## +global: + imageRegistry: "" + ## e.g: + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + defaultStorageClass: "" + storageClass: "" + ## Compatibility adaptations for Kubernetes platforms + ## + compatibility: + ## Compatibility adaptations for Openshift + ## + openshift: + ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) + ## + adaptSecurityContext: auto +## @section Common parameters + +## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) +## +kubeVersion: "" +## @param nameOverride String to partially override common.names.fullname template (will maintain the release name) +## +nameOverride: "" +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: "" +## @param commonLabels Add labels to all the deployed resources +## +commonLabels: {} +## @param commonAnnotations Add annotations to all the deployed resources +## +commonAnnotations: {} +## @param clusterDomain Kubernetes Cluster Domain +## +clusterDomain: cluster.local +## @param extraDeploy Array of extra objects to deploy with the release +## +extraDeploy: [] +## @section Thanos common parameters + +## Bitnami Thanos image +## ref: https://hub.docker.com/r/bitnami/thanos/tags/ +## @param image.registry [default: REGISTRY_NAME] Thanos image registry +## @param image.repository [default: REPOSITORY_NAME/thanos] Thanos image repository +## @skip image.tag Thanos image tag (immutable tags are recommended) +## @param image.digest Thanos image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag +## @param image.pullPolicy Thanos image pull policy +## @param image.pullSecrets Specify docker-registry secret names as an array +## +image: + registry: docker.io + repository: bitnami/thanos + tag: 0.35.1-debian-12-r5 + digest: "" + ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] +## @param objstoreConfig The [objstore configuration](https://thanos.io/tip/thanos/storage.md/) +## Specify content for objstore.yml +## +objstoreConfig: "" +## @param indexCacheConfig The [index cache configuration](https://thanos.io/tip/components/store.md/) +## Specify content for index-cache.yml +## +indexCacheConfig: "" +## @param bucketCacheConfig The [bucket cache configuration](https://thanos.io/tip/components/store.md/) +## Specify content for bucket-cache.yml +## +bucketCacheConfig: "" +## @param existingObjstoreSecret Secret with Objstore Configuration +## Note: This will override objstoreConfig +## +existingObjstoreSecret: "" +## @param existingObjstoreSecretItems Optional item list for specifying a custom Secret key. If so, path should be objstore.yml +## +existingObjstoreSecretItems: [] +## @param httpConfig The [https and basic auth configuration](https://thanos.io/tip/operating/https.md/) +## If provided, overrides settings under https.* and auth.* +httpConfig: "" +## @param existingHttpConfigSecret Secret containing the HTTPS and Basic auth configuration +## +existingHttpConfigSecret: "" +## HTTPS configuration (Experimental) +## Ref: https://thanos.io/tip/operating/https.md/ +## +https: + ## @param https.enabled Set to true to enable HTTPS. Requires a secret containing the certificate and key. + ## + enabled: false + ## @param https.autoGenerated Create self-signed TLS certificates. + ## + autoGenerated: false + ## @param https.existingSecret Existing secret containing your own server key and certificate + ## + existingSecret: "" + ## @param https.certFilename + ## + certFilename: "tls.crt" + ## @param https.keyFilename + ## + keyFilename: "tls.key" + ## @param https.caFilename + ## + caFilename: "ca.crt" + ## @param https.key TLS Key for Thanos HTTPS - ignored if existingSecret is provided + ## @param https.cert TLS Certificate for Thanos HTTPS - ignored if existingSecret is provided + ## @param https.ca (Optional, used for client) CA Certificate for Thanos HTTPS - ignored if existingSecret is provided + ## + key: "" + cert: "" + ca: "" + ## @param https.clientAuthType Server policy for client authentication using certificates. Maps to ClientAuth Policies. + ## For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType + clientAuthType: "" + ## @param https.extraTlsServerConfig Extra tls_server_config options + ## For more detail on possible options: https://thanos.io/tip/operating/https.md + extraTlsServerConfig: {} +## Thanos Basic authentication (Experimental) +## +auth: + ## @param auth.basicAuthUsers Object containing : key-value pairs for each user that will have access via basic authentication + ## Note: Passwords will be later encrypted using bcrypt + basicAuthUsers: {} +## @section Thanos Query parameters +query: + ## @param query.enabled Set to true to enable Thanos Query component + ## + enabled: true + ## @param query.logLevel Thanos Query log level + ## + logLevel: info + ## @param query.logFormat Thanos Query log format + ## + logFormat: logfmt + ## @param query.replicaLabel Replica indicator(s) along which data is de-duplicated + ## + replicaLabel: [replica] + ## Dynamically configure store APIs using DNS discovery + ## @param query.dnsDiscovery.enabled Enable store APIs discovery via DNS + ## @param query.dnsDiscovery.sidecarsService Sidecars service name to discover them using DNS discovery + ## @param query.dnsDiscovery.sidecarsNamespace Sidecars namespace to discover them using DNS discovery + ## + dnsDiscovery: + enabled: true + sidecarsService: "" + sidecarsNamespace: "" + ## @param query.stores Statically configure store APIs to connect with Thanos Query + ## + stores: [] + ## @param query.sdConfig Query Service Discovery Configuration + ## Specify content for servicediscovery.yml + ## + sdConfig: "" + ## @param query.existingSDConfigmap Name of existing ConfigMap with Ruler configuration + ## NOTE: This will override query.sdConfig + ## + existingSDConfigmap: "" + ## @param query.extraEnvVars Extra environment variables for Thanos Query container + ## e.g: + ## extraEnvVars: + ## - name: FOO + ## value: "bar" + ## + extraEnvVars: [] + ## @param query.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Query nodes + ## + extraEnvVarsCM: "" + ## @param query.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Query nodes + ## + extraEnvVarsSecret: "" + ## @param query.extraFlags Extra Flags to passed to Thanos Query + ## + extraFlags: [] + ## @param query.command Override default container command (useful when using custom images) + ## + command: [] + ## @param query.args Override default container args (useful when using custom images) + ## + args: [] + ## @param query.replicaCount Number of Thanos Query replicas to deploy + ## + replicaCount: 1 + ## @param query.revisionHistoryLimit The number of old history to retain to allow rollback + ## + revisionHistoryLimit: 10 + ## @param query.updateStrategy.type Update strategy type for Thanos Query replicas + ## + updateStrategy: + type: RollingUpdate + ## @param query.containerPorts.http HTTP container port + ## @param query.containerPorts.grpc HTTP container port + ## + containerPorts: + http: 10902 + grpc: 10901 + ## K8s Pod Security Context for Thanos Query pods + ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## @param query.podSecurityContext.enabled Enable security context for the Thanos Query pods + ## @param query.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy + ## @param query.podSecurityContext.sysctls Set kernel settings using the sysctl interface + ## @param query.podSecurityContext.supplementalGroups Set filesystem extra groups + ## @param query.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Query pods + ## + podSecurityContext: + enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] + fsGroup: 1001 + ## K8s containers' Security Context for Thanos Query containers + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param query.containerSecurityContext.enabled Enabled containers' Security Context + ## @param query.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container + ## @param query.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param query.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup + ## @param query.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot + ## @param query.containerSecurityContext.privileged Set container's Security Context privileged + ## @param query.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem + ## @param query.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation + ## @param query.containerSecurityContext.capabilities.drop List of capabilities to be dropped + ## @param query.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile + ## + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + privileged: false + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" + ## Thanos Query containers' resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param query.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if query.resources is set (query.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "nano" + ## @param query.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## Configure extra options for Thanos Query containers' liveness and readiness probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param query.livenessProbe.enabled Enable livenessProbe on Thanos Query containers + ## @param query.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param query.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param query.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param query.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param query.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 30 + timeoutSeconds: 30 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 6 + ## @param query.readinessProbe.enabled Enable readinessProbe on Thanos Query containers + ## @param query.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param query.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param query.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param query.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param query.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: 30 + timeoutSeconds: 30 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 6 + ## @param query.startupProbe.enabled Enable startupProbe on Thanos Query containers + ## @param query.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param query.startupProbe.periodSeconds Period seconds for startupProbe + ## @param query.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param query.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param query.startupProbe.successThreshold Success threshold for startupProbe + ## + startupProbe: + enabled: false + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 1 + failureThreshold: 15 + successThreshold: 1 + ## @param query.customLivenessProbe Custom livenessProbe that overrides the default one + ## + customLivenessProbe: {} + ## @param query.customReadinessProbe Custom readinessProbe that overrides the default one + ## + customReadinessProbe: {} + ## @param query.customStartupProbe Custom startupProbe that overrides the default one + ## + customStartupProbe: {} + ## @param query.initContainers Add additional init containers to the Thanos Query pods + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + ## e.g: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## command: ['sh', '-c', 'echo "hello world"'] + ## + initContainers: [] + ## @param query.sidecars Extra containers running as sidecars to Thanos Query pods + ## e.g: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param query.extraVolumes Extra volumes to add to Thanos Query + ## + extraVolumes: [] + ## @param query.extraVolumeMounts Extra volume mounts to add to the query container + ## + extraVolumeMounts: [] + ## @param query.podAffinityPreset Thanos Query pod affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param query.podAntiAffinityPreset Thanos Query pod anti-affinity preset. Ignored if `query.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## @param query.podAntiAffinityPresetTopologyKey Thanos Query pod anti-affinity topologyKey. Ignored if `query.affinity` is set. + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPresetTopologyKey: "" + ## Thanos Query node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param query.nodeAffinityPreset.type Thanos Query node affinity preset type. Ignored if `query.affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param query.nodeAffinityPreset.key Thanos Query node label key to match Ignored if `query.affinity` is set. + ## e.g: + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param query.nodeAffinityPreset.values Thanos Query node label values to match. Ignored if `query.affinity` is set. + ## e.g: + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param query.affinity Thanos Query affinity for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: query.podAffinityPreset, query.podAntiAffinityPreset, and query.nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param query.nodeSelector Thanos Query node labels for pod assignment + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ + ## + nodeSelector: {} + ## @param query.tolerations Thanos Query tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param query.podLabels Thanos Query pod labels + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + ## @param query.podAnnotations Annotations for Thanos Query pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## @param query.dnsConfig Deployment pod DNS config + ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ + ## E.g. + ## dnsConfig: + ## options: + ## - name: ndots + ## value: "4" + ## - name: single-request-reopen + ## + dnsConfig: {} + ## @param query.dnsPolicy Deployment pod DNS policy + ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ + ## E.g. + ## dnsPolicy: ClusterFirstWithHostNet + ## + dnsPolicy: "" + ## @param query.hostAliases Deployment pod host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## @param query.lifecycleHooks for the Thanos Query container(s) to automate configuration before or after startup + ## + lifecycleHooks: {} + ## @param query.priorityClassName Thanos Query priorityClassName + ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ + ## + priorityClassName: "" + ## @param query.schedulerName Name of the k8s scheduler (other than default) for Thanos Query pods + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + ## @param query.topologySpreadConstraints Topology Spread Constraints for Thanos Query pods assignment spread across your cluster among failure-domains + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods + ## + topologySpreadConstraints: [] + ## Thanos Query GRPC parameters + ## ref: https://github.com/thanos-io/thanos/blob/master/docs/components/query.md#flags + ## + grpc: + ## GRPC server side + ## + server: + ## TLS configuration + ## @param query.grpc.server.tls.enabled Enable TLS encryption in the GRPC server + ## @param query.grpc.server.tls.autoGenerated Create self-signed TLS certificates. Currently only supports PEM certificates + ## @param query.grpc.server.tls.cert TLS Certificate for GRPC server - ignored if existingSecret is provided + ## @param query.grpc.server.tls.key TLS Key for GRPC server - ignored if existingSecret is provided + ## @param query.grpc.server.tls.ca TLS CA to verify clients against - ignored if existingSecret is provided + ## @param query.grpc.server.tls.clientAuthEnabled Enable TLS client verification against provided CA + ## @param query.grpc.server.tls.existingSecret Existing secret containing your own TLS certificates + ## e.g: + ## existingSecret: + ## name: foo + ## keyMapping: + ## ca-cert: ca.pem + ## tls-cert: cert.pem + ## tls-key: key.pem + ## + tls: + enabled: false + autoGenerated: false + cert: "" + key: "" + ca: "" + clientAuthEnabled: true + existingSecret: {} + ## GRPC client side + ## + client: + ## @param query.grpc.client.serverName Server name to verify the hostname on the returned GRPC certificates + ## + serverName: "" + ## TLS configuration + ## @param query.grpc.client.tls.enabled Enable TLS encryption in the GRPC server + ## @param query.grpc.client.tls.autoGenerated Create self-signed TLS certificates. Currently only supports PEM certificates + ## @param query.grpc.client.tls.cert TLS Certificate for GRPC server - ignored if existingSecret is provided + ## @param query.grpc.client.tls.key TLS Key for GRPC server - ignored if existingSecret is provided + ## @param query.grpc.client.tls.ca TLS CA to verify clients against - ignored if existingSecret is provided + ## @param query.grpc.client.tls.existingSecret Existing secret containing your own TLS certificates + ## e.g: + ## existingSecret: + ## name: foo + ## keyMapping: + ## ca-cert: ca.pem + ## tls-cert: cert.pem + ## tls-key: key.pem + ## + tls: + enabled: false + autoGenerated: false + cert: "" + key: "" + ca: "" + existingSecret: {} + ## Network Policies + ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ + ## + networkPolicy: + ## @param query.networkPolicy.enabled Specifies whether a NetworkPolicy should be created + ## + enabled: true + ## @param query.networkPolicy.allowExternal Don't require client label for connections + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the ports the application is listening + ## on. When true, the app will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + ## @param query.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. + ## + allowExternalEgress: true + ## @param query.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + extraIngress: [] + ## @param query.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param query.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param query.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} + ## Service parameters + ## + service: + ## @param query.service.type Kubernetes service type + ## + type: ClusterIP + ## @param query.service.ports.http Thanos Query service HTTP port + ## + ports: + http: 9090 + ## @param query.service.nodePorts.http Specify the Thanos Query HTTP nodePort value for the LoadBalancer and NodePort service types + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + nodePorts: + http: "" + ## @param query.service.clusterIP Thanos Query service clusterIP IP + ## e.g: + ## clusterIP: None + ## + clusterIP: "" + ## @param query.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer` + ## Set the LoadBalancer service type to internal only + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: "" + ## @param query.service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param query.service.externalTrafficPolicy Thanos Query service externalTrafficPolicy + ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints + ## + externalTrafficPolicy: Cluster + ## @param query.service.labels Labels for Thanos Query service + ## + labels: {} + ## @param query.service.annotations Annotations for Thanos Query service + ## + annotations: {} + ## @param query.service.extraPorts Extra ports to expose in the Thanos Query service + ## + extraPorts: [] + ## @param query.service.labelSelectorsOverride Selector for Thanos Query service + ## + labelSelectorsOverride: {} + ## @param query.service.additionalHeadless Additional Headless service + ## + additionalHeadless: false + ## Headless service properties + ## + headless: + ## @param query.service.headless.annotations Annotations for the headless service. + ## + annotations: {} + ## Service GRPC parameters + ## + serviceGrpc: + ## @param query.serviceGrpc.type Kubernetes service type + ## + type: ClusterIP + ## @param query.serviceGrpc.ports.grpc Thanos Query service GRPC port + ## + ports: + grpc: 10901 + ## @param query.serviceGrpc.nodePorts.grpc Specify the Thanos Query GRPC nodePort value for the LoadBalancer and NodePort service types + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + nodePorts: + grpc: "" + ## @param query.serviceGrpc.clusterIP Thanos Query service clusterIP IP + ## e.g: + ## clusterIP: None + ## + clusterIP: "" + ## @param query.serviceGrpc.loadBalancerIP Load balancer IP if service type is `LoadBalancer` + ## Set the LoadBalancer service type to internal only + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: "" + ## @param query.serviceGrpc.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param query.serviceGrpc.externalTrafficPolicy Thanos Query service externalTrafficPolicy + ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints + ## + externalTrafficPolicy: Cluster + ## @param query.serviceGrpc.labels Labels for Thanos Query service GRPC + ## + labels: {} + ## @param query.serviceGrpc.annotations Annotations for Thanos Query service + ## + annotations: {} + ## @param query.serviceGrpc.extraPorts Extra ports to expose in the Thanos Query service + ## + extraPorts: [] + ## @param query.serviceGrpc.labelSelectorsOverride Selector for Thanos Query service + ## + labelSelectorsOverride: {} + ## @param query.serviceGrpc.additionalHeadless Additional Headless service + ## + additionalHeadless: false + ## Headless service properties + ## + headless: + ## @param query.serviceGrpc.headless.annotations Annotations for the headless service. + ## + annotations: {} + ## Autoscaling parameters + ## @param query.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the deployment + ## + automountServiceAccountToken: true + ## ServiceAccount configuration + ## @param query.serviceAccount.create Specifies whether a ServiceAccount should be created + ## @param query.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. + ## @param query.serviceAccount.annotations Annotations for Thanos Query Service Account + ## @param query.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token + ## + serviceAccount: + create: true + name: "" + annotations: {} + automountServiceAccountToken: false + ## RBAC configuration + ## + rbac: + ## @param query.rbac.create Create a ClusterRole and ClusterRoleBinding for the Thanos Query Service Account + ## + create: false + ## @param query.rbac.rules Custom RBAC rules to set + ## e.g: + ## rules: + ## - apiGroups: + ## - "" + ## resources: + ## - pods + ## verbs: + ## - get + ## - list + ## + rules: [] + ## @param query.pspEnabled Whether to create a PodSecurityPolicy for Thanos Query + ## WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later + ## + pspEnabled: false + ## Thanos Query Autoscaling configuration + ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ + ## @param query.autoscaling.enabled Enable autoscaling for Thanos Query + ## @param query.autoscaling.minReplicas Minimum number of Thanos Query replicas + ## @param query.autoscaling.maxReplicas Maximum number of Thanos Query replicas + ## @param query.autoscaling.targetCPU Target CPU utilization percentage + ## @param query.autoscaling.targetMemory Target Memory utilization percentage + ## + autoscaling: + enabled: false + minReplicas: "" + maxReplicas: "" + targetCPU: "" + targetMemory: "" + ## Thanos Query Pod Disruption Budget configuration + ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb + ## @param query.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Query + ## @param query.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled + ## @param query.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable + ## + pdb: + create: true + minAvailable: "" + maxUnavailable: "" + ## Configure the ingress resource that allows you to access Thanos Query + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ + ## + ingress: + ## @param query.ingress.enabled Enable ingress controller resource + ## + enabled: false + ## @param query.ingress.hostname Default host for the ingress resource + ## + hostname: thanos.local + ## @param query.ingress.secretName Custom secretName for the ingress resource + ## If query.ingress.secretName is not set, the secret will be named as follows: query.ingress.hostname-tls + secretName: "" + ## @param query.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) + ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . + ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ + ## + ingressClassName: "" + ## @param query.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md + ## Use this parameter to set the required annotations for cert-manager, see + ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations + ## + ## e.g: + ## annotations: + ## kubernetes.io/ingress.class: nginx + ## cert-manager.io/cluster-issuer: cluster-issuer-name + ## + annotations: {} + ## @param query.ingress.extraHosts The list of additional hostnames to be covered with this ingress record. + ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array + ## extraHosts: + ## - name: thanos.local + ## path: / + ## pathType: ImplementationSpecific + ## + extraHosts: [] + ## @param query.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. + ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + ## extraTls: + ## - hosts: + ## - thanos.local + ## secretName: thanos.local-tls + ## + extraTls: [] + ## @param query.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets + ## key and certificate should start with -----BEGIN CERTIFICATE----- or + ## -----BEGIN RSA PRIVATE KEY----- + ## + ## name should line up with a tlsSecret set further up + ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set + ## + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + ## e.g: + ## - name: thanos.local-tls + ## key: + ## certificate: + ## + secrets: [] + ## @param query.ingress.extraRules Additional rules to be covered with this ingress record + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules + ## e.g: + ## extraRules: + ## - host: example.local + ## http: + ## path: / + ## backend: + ## service: + ## name: example-svc + ## port: + ## name: http + ## + extraRules: [] + ## @param query.ingress.tls Enable TLS configuration for the hostname defined at `query.ingress.hostname` parameter + ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.query.ingress.hostname }}` + ## You can: + ## - Use the `query.ingress.secrets` parameter to create this TLS secret + ## - Rely on cert-manager to create it by setting the corresponding annotations + ## - Rely on Helm to create self-signed certificates by setting `query.ingress.selfSigned=true` + ## + tls: false + ## @param query.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm + ## + selfSigned: false + ## @param query.ingress.apiVersion Force Ingress API version (automatically detected if not set) + ## + apiVersion: "" + ## @param query.ingress.path Ingress path + ## + path: / + ## @param query.ingress.pathType Ingress path type + ## + pathType: ImplementationSpecific + ## Create an ingress object for the GRPC service. This requires an HTTP/2 + ## capable Ingress controller (eg. traefik using AWS NLB). Example annotations + ## - ingress.kubernetes.io/protocol: h2c + ## - service.beta.kubernetes.io/aws-load-balancer-type: nlb + ## - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp + ## For more information see https://kubernetes.io/docs/concepts/cluster-administration/cloud-providers/ + ## and also the documentation for your ingress controller. + ## + ## The options that are accepted are identical to the HTTP one listed above + ## + grpc: + ## @param query.ingress.grpc.enabled Enable ingress controller resource (GRPC) + ## + enabled: false + ## @param query.ingress.grpc.hostname Default host for the ingress resource (GRPC) + ## + hostname: thanos-grpc.local + ## @param query.ingress.grpc.secretName Custom secretName for the ingress resource (GRPC) + ## If query.ingress.grpc.secretName is not set, the secret will be named as follows: query.ingress.grpc.hostname-tls + secretName: "" + ## @param query.ingress.grpc.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) + ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . + ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ + ## + ingressClassName: "" + ## @param query.ingress.grpc.annotations Additional annotations for the Ingress resource (GRPC). To enable certificate autogeneration, place here your cert-manager annotations. + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md + ## Use this parameter to set the required annotations for cert-manager, see + ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations + ## + ## Examples: + ## kubernetes.io/ingress.class: nginx + ## cert-manager.io/cluster-issuer: cluster-issuer-name + ## + annotations: {} + ## @param query.ingress.grpc.extraHosts The list of additional hostnames to be covered with this ingress record. + ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array + ## extraHosts: + ## - name: thanos-grpc.local + ## path: / + ## + extraHosts: [] + ## @param query.ingress.grpc.extraTls The tls configuration for additional hostnames to be covered with this ingress record. + ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + ## extraTls: + ## - hosts: + ## - thanos-grpc.local + ## secretName: thanos-grpc.local-tls + ## + extraTls: [] + ## @param query.ingress.grpc.secrets If you're providing your own certificates, please use this to add the certificates as secrets + ## key and certificate should start with -----BEGIN CERTIFICATE----- or + ## -----BEGIN RSA PRIVATE KEY----- + ## + ## name should line up with a tlsSecret set further up + ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set + ## + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + ## e.g: + ## - name: thanos-grpc.local-tls + ## key: + ## certificate: + ## + secrets: [] + ## @param query.ingress.grpc.extraRules Additional rules to be covered with this ingress record + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules + ## e.g: + ## extraRules: + ## - host: example.local + ## http: + ## path: / + ## backend: + ## service: + ## name: example-svc + ## port: + ## name: http + ## + extraRules: [] + ## @param query.ingress.grpc.tls Enable TLS configuration for the hostname defined at `query.ingress.grpc.hostname` parameter + ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.query.ingress.grpc.hostname }}` + ## You can: + ## - Use the `query.ingress.grpc.secrets` parameter to create this TLS secret + ## - Rely on cert-manager to create it by setting the corresponding annotations + ## - Rely on Helm to create self-signed certificates by setting `query.ingress.grpc.selfSigned=true` + ## + tls: false + ## @param query.ingress.grpc.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm + ## + selfSigned: false + ## @param query.ingress.grpc.apiVersion Override API Version (automatically detected if not set) + ## + apiVersion: "" + ## @param query.ingress.grpc.path Ingress Path + ## + path: / + ## @param query.ingress.grpc.pathType Ingress Path type + ## + pathType: ImplementationSpecific +## @section Thanos Query Frontend parameters +queryFrontend: + ## @param queryFrontend.enabled Enable/disable Thanos Query Frontend component + ## + enabled: true + ## @param queryFrontend.logLevel Thanos Query Frontend log level + ## + logLevel: info + ## @param queryFrontend.logFormat Thanos Query Frontend log format + ## + logFormat: logfmt + ## @param queryFrontend.config Thanos Query Frontend configuration + ## Specify content for config.yml + ## + config: "" + ## @param queryFrontend.existingConfigmap Name of existing ConfigMap with Thanos Query Frontend configuration + ## NOTE: This will override queryFrontend.config + ## + existingConfigmap: "" + ## @param queryFrontend.extraEnvVars Extra environment variables for Thanos Query Frontend container + ## e.g: + ## extraEnvVars: + ## - name: FOO + ## value: "bar" + ## + extraEnvVars: [] + ## @param queryFrontend.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Query Frontend nodes + ## + extraEnvVarsCM: "" + ## @param queryFrontend.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Query Frontend nodes + ## + extraEnvVarsSecret: "" + ## @param queryFrontend.extraFlags Extra Flags to passed to Thanos Query Frontend + ## + extraFlags: [] + ## @param queryFrontend.command Override default container command (useful when using custom images) + ## + command: [] + ## @param queryFrontend.args Override default container args (useful when using custom images) + ## + args: [] + ## @param queryFrontend.replicaCount Number of Thanos Query Frontend replicas to deploy + ## + replicaCount: 1 + ## @param queryFrontend.revisionHistoryLimit The number of old history to retain to allow rollback + ## + revisionHistoryLimit: 10 + ## @param queryFrontend.updateStrategy.type Update strategy type for Thanos Query Frontend replicas + ## + updateStrategy: + type: RollingUpdate + ## @param queryFrontend.containerPorts.http HTTP container port + ## + containerPorts: + http: 9090 + ## K8s Pod Security Context for Thanos Query Frontend pods + ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## @param queryFrontend.podSecurityContext.enabled Enable security context for the Thanos Query Frontend pods + ## @param queryFrontend.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy + ## @param queryFrontend.podSecurityContext.sysctls Set kernel settings using the sysctl interface + ## @param queryFrontend.podSecurityContext.supplementalGroups Set filesystem extra groups + ## @param queryFrontend.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Query Frontend pods + ## + podSecurityContext: + enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] + fsGroup: 1001 + ## K8s containers' Security Context for Thanos Query Frontend containers + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param queryFrontend.containerSecurityContext.enabled Enabled containers' Security Context + ## @param queryFrontend.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container + ## @param queryFrontend.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param queryFrontend.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup + ## @param queryFrontend.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot + ## @param queryFrontend.containerSecurityContext.privileged Set container's Security Context privileged + ## @param queryFrontend.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem + ## @param queryFrontend.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation + ## @param queryFrontend.containerSecurityContext.capabilities.drop List of capabilities to be dropped + ## @param queryFrontend.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile + ## + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + privileged: false + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" + ## Thanos Query Frontend containers' resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param queryFrontend.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if queryFrontend.resources is set (queryFrontend.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "nano" + ## @param queryFrontend.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## Configure extra options for Thanos Query Frontend containers' liveness and readiness probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param queryFrontend.livenessProbe.enabled Enable livenessProbe on Thanos Query Frontend containers + ## @param queryFrontend.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param queryFrontend.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param queryFrontend.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param queryFrontend.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param queryFrontend.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 30 + timeoutSeconds: 30 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 6 + ## @param queryFrontend.readinessProbe.enabled Enable readinessProbe on Thanos Query Frontend containers + ## @param queryFrontend.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param queryFrontend.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param queryFrontend.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param queryFrontend.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param queryFrontend.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: 30 + timeoutSeconds: 30 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 6 + ## @param queryFrontend.startupProbe.enabled Enable startupProbe on Thanos Query Frontend containers + ## @param queryFrontend.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param queryFrontend.startupProbe.periodSeconds Period seconds for startupProbe + ## @param queryFrontend.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param queryFrontend.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param queryFrontend.startupProbe.successThreshold Success threshold for startupProbe + ## + startupProbe: + enabled: false + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 1 + failureThreshold: 15 + successThreshold: 1 + ## @param queryFrontend.customLivenessProbe Custom livenessProbe that overrides the default one + ## + customLivenessProbe: {} + ## @param queryFrontend.customReadinessProbe Custom readinessProbe that overrides the default one + ## + customReadinessProbe: {} + ## @param queryFrontend.customStartupProbe Custom startupProbe that overrides the default one + ## + customStartupProbe: {} + ## @param queryFrontend.initContainers Add additional init containers to the Thanos Query Frontend pods + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + ## e.g: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## command: ['sh', '-c', 'echo "hello world"'] + ## + initContainers: [] + ## @param queryFrontend.sidecars Extra containers running as sidecars to Thanos Query Frontend pods + ## e.g: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param queryFrontend.extraVolumes Extra volumes to add to Thanos Query Frontend + ## + extraVolumes: [] + ## @param queryFrontend.extraVolumeMounts Extra volume mounts to add to the query-frontend container + ## + extraVolumeMounts: [] + ## @param queryFrontend.podAffinityPreset Thanos Query Frontend pod affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param queryFrontend.podAntiAffinityPreset Thanos Query Frontend pod anti-affinity preset. Ignored if `queryFrontend.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Thanos Query Frontend node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param queryFrontend.nodeAffinityPreset.type Thanos Query Frontend node affinity preset type. Ignored if `queryFrontend.affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param queryFrontend.nodeAffinityPreset.key Thanos Query Frontend node label key to match. Ignored if `queryFrontend.affinity` is set. + ## e.g: + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param queryFrontend.nodeAffinityPreset.values Thanos Query Frontend node label values to match. Ignored if `queryFrontend.affinity` is set. + ## e.g: + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param queryFrontend.affinity Thanos Query Frontend affinity for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: queryFrontend.podAffinityPreset, queryFrontend.podAntiAffinityPreset, and queryFrontend.nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param queryFrontend.nodeSelector Thanos Query Frontend node labels for pod assignment + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ + ## + nodeSelector: {} + ## @param queryFrontend.tolerations Thanos Query Frontend tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param queryFrontend.podLabels Thanos Query Frontend pod labels + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + ## @param queryFrontend.podAnnotations Annotations for Thanos Query Frontend pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## @param queryFrontend.dnsConfig Deployment pod DNS config + ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ + ## E.g. + ## dnsConfig: + ## options: + ## - name: ndots + ## value: "4" + ## - name: single-request-reopen + ## + dnsConfig: {} + ## @param queryFrontend.dnsPolicy Deployment pod DNS policy + ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ + ## E.g. + ## dnsPolicy: ClusterFirstWithHostNet + ## + dnsPolicy: "" + ## @param queryFrontend.hostAliases Deployment pod host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## @param queryFrontend.lifecycleHooks for the Thanos Query Frontend container(s) to automate configuration before or after startup + ## + lifecycleHooks: {} + ## @param queryFrontend.priorityClassName Thanos Query Frontend priorityClassName + ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ + ## + priorityClassName: "" + ## @param queryFrontend.schedulerName Name of the k8s scheduler (other than default) for Thanos Query Frontend pods + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + ## @param queryFrontend.topologySpreadConstraints Topology Spread Constraints for Thanos Query Frontend pods assignment spread across your cluster among failure-domains + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods + ## + topologySpreadConstraints: [] + ## Network Policies + ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ + ## + networkPolicy: + ## @param queryFrontend.networkPolicy.enabled Specifies whether a NetworkPolicy should be created + ## + enabled: true + ## @param queryFrontend.networkPolicy.allowExternal Don't require client label for connections + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the ports the application is listening + ## on. When true, the app will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + ## @param queryFrontend.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. + ## + allowExternalEgress: true + ## @param queryFrontend.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + extraIngress: [] + ## @param queryFrontend.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param queryFrontend.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param queryFrontend.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} + ## Service parameters + ## + service: + ## @param queryFrontend.service.type Kubernetes service type + ## + type: ClusterIP + ## @param queryFrontend.service.ports.http Thanos Query Frontend service HTTP port + ## + ports: + http: 9090 + ## @param queryFrontend.service.nodePorts.http Specify the Thanos Query Frontend HTTP nodePort value for the LoadBalancer and NodePort service types + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + nodePorts: + http: "" + ## @param queryFrontend.service.clusterIP Thanos Query Frontend service clusterIP IP + ## e.g: + ## clusterIP: None + ## + clusterIP: "" + ## @param queryFrontend.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer` + ## Set the LoadBalancer service type to internal only + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: "" + ## @param queryFrontend.service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param queryFrontend.service.externalTrafficPolicy Thanos Query Frontend service externalTrafficPolicy + ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints + ## + externalTrafficPolicy: Cluster + ## @param queryFrontend.service.annotations Annotations for Thanos Query Frontend service + ## + annotations: {} + ## @param queryFrontend.service.labels Labels for Thanos Query Frontend service + ## + labels: {} + ## @param queryFrontend.service.extraPorts Extra ports to expose in the Thanos Query Frontend service + ## + extraPorts: [] + ## @param queryFrontend.service.labelSelectorsOverride Selector for Thanos Query service + ## + labelSelectorsOverride: {} + ## @param queryFrontend.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the deployment + ## + automountServiceAccountToken: true + ## ServiceAccount configuration + ## @param queryFrontend.serviceAccount.create Specifies whether a ServiceAccount should be created + ## @param queryFrontend.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. + ## @param queryFrontend.serviceAccount.annotations Annotations for Thanos Query Frontend Service Account + ## @param queryFrontend.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token + ## + serviceAccount: + create: true + name: "" + annotations: {} + automountServiceAccountToken: false + ## RBAC configuration + ## + rbac: + ## @param queryFrontend.rbac.create Create a ClusterRole and ClusterRoleBinding for the Thanos Query Frontend Service Account + ## + create: false + ## @param queryFrontend.rbac.rules Custom RBAC rules to set + ## e.g: + ## rules: + ## - apiGroups: + ## - "" + ## resources: + ## - pods + ## verbs: + ## - get + ## - list + ## + rules: [] + ## @param queryFrontend.pspEnabled Whether to create a PodSecurityPolicy for Thanos Query Frontend + ## WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later + ## + pspEnabled: false + ## Thanos Query Frontend Autoscaling configuration + ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ + ## @param queryFrontend.autoscaling.enabled Enable autoscaling for Thanos Query Frontend + ## @param queryFrontend.autoscaling.minReplicas Minimum number of Thanos Query Frontend replicas + ## @param queryFrontend.autoscaling.maxReplicas Maximum number of Thanos Query Frontend replicas + ## @param queryFrontend.autoscaling.targetCPU Target CPU utilization percentage + ## @param queryFrontend.autoscaling.targetMemory Target Memory utilization percentage + ## + autoscaling: + enabled: false + minReplicas: "" + maxReplicas: "" + targetCPU: "" + targetMemory: "" + ## Thanos Query Frontend Pod Disruption Budget configuration + ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb + ## @param queryFrontend.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Query Frontend + ## @param queryFrontend.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled + ## @param queryFrontend.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable + ## + pdb: + create: true + minAvailable: "" + maxUnavailable: "" + ## Configure the ingress resource that allows you to access Thanos Query Frontend + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ + ## + ingress: + ## @param queryFrontend.ingress.enabled Enable ingress controller resource + ## + enabled: false + ## @param queryFrontend.ingress.hostname Default host for the ingress resource + ## + hostname: thanos.local + ## @param queryFrontend.ingress.overrideAlertQueryURL Automatically use query-frontend's ingress hostname as --alert.queryURL for both Query and Ruler. + ## This is used in order for the expression url on alerts/rules to be correctly rendered on UI as Frontend's hostname, instead of http://localhost:10902 + ## + overrideAlertQueryURL: true + ## @param queryFrontend.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) + ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . + ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ + ## + ingressClassName: "" + ## @param queryFrontend.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md + ## Use this parameter to set the required annotations for cert-manager, see + ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations + ## + ## e.g: + ## annotations: + ## kubernetes.io/ingress.class: nginx + ## cert-manager.io/cluster-issuer: cluster-issuer-name + ## + annotations: {} + ## @param queryFrontend.ingress.extraHosts The list of additional hostnames to be covered with this ingress record. + ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array + ## extraHosts: + ## - name: thanos.local + ## path: / + ## pathType: ImplementationSpecific + ## + extraHosts: [] + ## @param queryFrontend.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. + ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + ## extraTls: + ## - hosts: + ## - thanos.local + ## secretName: thanos.local-tls + ## + extraTls: [] + ## @param queryFrontend.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets + ## key and certificate should start with -----BEGIN CERTIFICATE----- or + ## -----BEGIN RSA PRIVATE KEY----- + ## + ## name should line up with a tlsSecret set further up + ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set + ## + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + ## e.g: + ## - name: thanos.local-tls + ## key: + ## certificate: + ## + secrets: [] + ## @param queryFrontend.ingress.extraRules Additional rules to be covered with this ingress record + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules + ## e.g: + ## extraRules: + ## - host: example.local + ## http: + ## path: / + ## backend: + ## service: + ## name: example-svc + ## port: + ## name: http + ## + extraRules: [] + ## @param queryFrontend.ingress.tls Enable TLS configuration for the hostname defined at `queryFrontend.ingress.hostname` parameter + ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.queryFrontend.ingress.hostname }}` + ## You can: + ## - Use the `queryFrontend.ingress.secrets` parameter to create this TLS secret + ## - Rely on cert-manager to create it by setting the corresponding annotations + ## - Rely on Helm to create self-signed certificates by setting `queryFrontend.ingress.selfSigned=true` + ## + tls: false + ## @param queryFrontend.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm + ## + selfSigned: false + ## @param queryFrontend.ingress.apiVersion Force Ingress API version (automatically detected if not set) + ## + apiVersion: "" + ## @param queryFrontend.ingress.path Ingress path + ## + path: / + ## @param queryFrontend.ingress.pathType Ingress path type + ## + pathType: ImplementationSpecific +## @section Thanos Bucket Web parameters +bucketweb: + ## @param bucketweb.enabled Enable/disable Thanos Bucket Web component + ## + enabled: false + ## @param bucketweb.logLevel Thanos Bucket Web log level + ## + logLevel: info + ## @param bucketweb.logFormat Thanos Bucket Web log format + ## + logFormat: logfmt + ## @param bucketweb.refresh Refresh interval to download metadata from remote storage + ## + refresh: 30m + ## @param bucketweb.timeout Timeout to download metadata from remote storage + ## + timeout: 5m + ## @param bucketweb.extraEnvVars Extra environment variables for Thanos Bucket Web container + ## e.g: + ## extraEnvVars: + ## - name: FOO + ## value: "bar" + ## + extraEnvVars: [] + ## @param bucketweb.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Bucket Web nodes + ## + extraEnvVarsCM: "" + ## @param bucketweb.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Bucket Web nodes + ## + extraEnvVarsSecret: "" + ## @param bucketweb.extraFlags Extra Flags to passed to Thanos Bucket Web + ## + extraFlags: [] + ## @param bucketweb.command Override default container command (useful when using custom images) + ## + command: [] + ## @param bucketweb.args Override default container args (useful when using custom images) + ## + args: [] + ## @param bucketweb.replicaCount Number of Thanos Bucket Web replicas to deploy + ## + replicaCount: 1 + ## @param bucketweb.revisionHistoryLimit The number of old history to retain to allow rollback + ## + revisionHistoryLimit: 10 + ## @param bucketweb.updateStrategy.type Update strategy type for Thanos Bucket Web replicas + ## + updateStrategy: + type: RollingUpdate + ## @param bucketweb.containerPorts.http HTTP container port + ## + containerPorts: + http: 8080 + ## K8s Pod Security Context for Thanos Bucket Web pods + ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## @param bucketweb.podSecurityContext.enabled Enable security context for the Thanos Bucket Web pods + ## @param bucketweb.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy + ## @param bucketweb.podSecurityContext.sysctls Set kernel settings using the sysctl interface + ## @param bucketweb.podSecurityContext.supplementalGroups Set filesystem extra groups + ## @param bucketweb.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Bucket Web pods + ## + podSecurityContext: + enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] + fsGroup: 1001 + ## K8s containers' Security Context for Thanos Bucket Web containers + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param bucketweb.containerSecurityContext.enabled Enabled containers' Security Context + ## @param bucketweb.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container + ## @param bucketweb.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param bucketweb.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup + ## @param bucketweb.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot + ## @param bucketweb.containerSecurityContext.privileged Set container's Security Context privileged + ## @param bucketweb.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem + ## @param bucketweb.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation + ## @param bucketweb.containerSecurityContext.capabilities.drop List of capabilities to be dropped + ## @param bucketweb.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile + ## + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + privileged: false + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" + ## Thanos Bucket Web containers' resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param bucketweb.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if bucketweb.resources is set (bucketweb.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "nano" + ## @param bucketweb.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## Configure extra options for Thanos Bucket Web containers' liveness and readiness probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param bucketweb.livenessProbe.enabled Enable livenessProbe on Thanos Bucket Web containers + ## @param bucketweb.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param bucketweb.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param bucketweb.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param bucketweb.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param bucketweb.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 30 + timeoutSeconds: 30 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 6 + ## @param bucketweb.readinessProbe.enabled Enable readinessProbe on Thanos Bucket Web containers + ## @param bucketweb.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param bucketweb.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param bucketweb.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param bucketweb.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param bucketweb.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: 30 + timeoutSeconds: 30 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 6 + ## @param bucketweb.startupProbe.enabled Enable startupProbe on Thanos Bucket Web containers + ## @param bucketweb.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param bucketweb.startupProbe.periodSeconds Period seconds for startupProbe + ## @param bucketweb.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param bucketweb.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param bucketweb.startupProbe.successThreshold Success threshold for startupProbe + ## + startupProbe: + enabled: false + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 1 + failureThreshold: 15 + successThreshold: 1 + ## @param bucketweb.customLivenessProbe Custom livenessProbe that overrides the default one + ## + customLivenessProbe: {} + ## @param bucketweb.customReadinessProbe Custom readinessProbe that overrides the default one + ## + customReadinessProbe: {} + ## @param bucketweb.customStartupProbe Custom startupProbe that overrides the default one + ## + customStartupProbe: {} + ## @param bucketweb.initContainers Add additional init containers to the Thanos Bucket Web pods + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + ## e.g: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## command: ['sh', '-c', 'echo "hello world"'] + ## + initContainers: [] + ## @param bucketweb.sidecars Extra containers running as sidecars to Thanos Bucket Web pods + ## e.g: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param bucketweb.extraVolumes Extra volumes to add to Bucket Web + ## + extraVolumes: [] + ## @param bucketweb.extraVolumeMounts Extra volume mounts to add to the bucketweb container + ## + extraVolumeMounts: [] + ## @param bucketweb.podAffinityPreset Thanos Bucket Web pod affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param bucketweb.podAntiAffinityPreset Thanos Bucket Web pod anti-affinity preset. Ignored if `bucketweb.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Thanos Bucket Web node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param bucketweb.nodeAffinityPreset.type Thanos Bucket Web node affinity preset type. Ignored if `bucketweb.affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param bucketweb.nodeAffinityPreset.key Thanos Bucket Web node label key to match. Ignored if `bucketweb.affinity` is set. + ## e.g: + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param bucketweb.nodeAffinityPreset.values Thanos Bucket Web node label values to match. Ignored if `bucketweb.affinity` is set. + ## e.g: + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param bucketweb.affinity Thanos Bucket Web affinity for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: bucketweb.podAffinityPreset, bucketweb.podAntiAffinityPreset, and bucketweb.nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param bucketweb.nodeSelector Thanos Bucket Web node labels for pod assignment + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ + ## + nodeSelector: {} + ## @param bucketweb.tolerations Thanos Bucket Web tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param bucketweb.podLabels Thanos Bucket Web pod labels + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + ## @param bucketweb.podAnnotations Annotations for Thanos Bucket Web pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## @param bucketweb.dnsConfig Deployment pod DNS config + ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ + ## E.g. + ## dnsConfig: + ## options: + ## - name: ndots + ## value: "4" + ## - name: single-request-reopen + ## + dnsConfig: {} + ## @param bucketweb.dnsPolicy Deployment pod DNS policy + ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ + ## E.g. + ## dnsPolicy: ClusterFirstWithHostNet + ## + dnsPolicy: "" + ## @param bucketweb.hostAliases Deployment pod host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## @param bucketweb.lifecycleHooks for the Thanos Bucket Web container(s) to automate configuration before or after startup + ## + lifecycleHooks: {} + ## @param bucketweb.priorityClassName Thanos Bucket Web priorityClassName + ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ + ## + priorityClassName: "" + ## @param bucketweb.schedulerName Name of the k8s scheduler (other than default) for Thanos Bucket Web pods + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + ## @param bucketweb.topologySpreadConstraints Topology Spread Constraints for Thanos Bucket Web pods assignment spread across your cluster among failure-domains + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods + ## + topologySpreadConstraints: [] + ## Network Policies + ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ + ## + networkPolicy: + ## @param bucketweb.networkPolicy.enabled Specifies whether a NetworkPolicy should be created + ## + enabled: true + ## @param bucketweb.networkPolicy.allowExternal Don't require client label for connections + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the ports the application is listening + ## on. When true, the app will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + ## @param bucketweb.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. + ## + allowExternalEgress: true + ## @param bucketweb.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + extraIngress: [] + ## @param bucketweb.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param bucketweb.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param bucketweb.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} + ## Service parameters + ## + service: + ## @param bucketweb.service.type Kubernetes service type + ## + type: ClusterIP + ## @param bucketweb.service.ports.http Thanos Bucket Web service HTTP port + ## + ports: + http: 8080 + ## @param bucketweb.service.nodePorts.http Specify the Thanos Bucket Web HTTP nodePort value for the LoadBalancer and NodePort service types + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + nodePorts: + http: "" + ## @param bucketweb.service.clusterIP Thanos Bucket Web service clusterIP IP + ## e.g: + ## clusterIP: None + ## + clusterIP: "" + ## @param bucketweb.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer` + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: "" + ## @param bucketweb.service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param bucketweb.service.externalTrafficPolicy Thanos Bucket Web service externalTrafficPolicy + ## + externalTrafficPolicy: Cluster + ## @param bucketweb.service.labels Extra labels for Thanos Bucket Web service + ## + labels: {} + ## @param bucketweb.service.annotations Annotations for Thanos Bucket Web service + ## + annotations: {} + ## @param bucketweb.service.extraPorts Extra ports to expose in the Thanos Bucket Web service + ## + extraPorts: [] + ## @param bucketweb.service.labelSelectorsOverride Selector for Thanos Query service + ## + labelSelectorsOverride: {} + ## @param bucketweb.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the deployment + ## + automountServiceAccountToken: true + ## ServiceAccount configuration + ## @param bucketweb.serviceAccount.create Specifies whether a ServiceAccount should be created + ## @param bucketweb.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. + ## @param bucketweb.serviceAccount.annotations Annotations for Thanos Bucket Web Service Account + ## @param bucketweb.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token + ## + serviceAccount: + create: true + name: "" + annotations: {} + automountServiceAccountToken: false + ## Thanos Bucket Web Autoscaling configuration + ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ + ## @param bucketweb.autoscaling.enabled Enable autoscaling for Thanos Bucket Web + ## @param bucketweb.autoscaling.minReplicas Minimum number of Thanos Bucket Web replicas + ## @param bucketweb.autoscaling.maxReplicas Maximum number of Thanos Bucket Web replicas + ## @param bucketweb.autoscaling.targetCPU Target CPU utilization percentage + ## @param bucketweb.autoscaling.targetMemory Target Memory utilization percentage + ## + autoscaling: + enabled: false + minReplicas: "" + maxReplicas: "" + targetCPU: "" + targetMemory: "" + ## Thanos Bucket Web Pod Disruption Budget configuration + ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb + ## @param bucketweb.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Bucket Web + ## @param bucketweb.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled + ## @param bucketweb.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable + ## + pdb: + create: true + minAvailable: "" + maxUnavailable: "" + ## Configure the ingress resource that allows you to access Thanos Bucketweb + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ + ## + ingress: + ## @param bucketweb.ingress.enabled Enable ingress controller resource + ## + enabled: false + ## @param bucketweb.ingress.hostname Default host for the ingress resource + ## + hostname: thanos-bucketweb.local + ## @param bucketweb.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) + ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . + ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ + ## + ingressClassName: "" + ## @param bucketweb.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md + ## Use this parameter to set the required annotations for cert-manager, see + ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations + ## + ## e.g: + ## annotations: + ## kubernetes.io/ingress.class: nginx + ## cert-manager.io/cluster-issuer: cluster-issuer-name + ## + annotations: {} + ## @param bucketweb.ingress.extraHosts The list of additional hostnames to be covered with this ingress record. + ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array + ## extraHosts: + ## - name: thanos-bucketweb.local + ## path: / + ## pathType: ImplementationSpecific + ## + extraHosts: [] + ## @param bucketweb.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. + ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + ## extraTls: + ## - hosts: + ## - thanos-bucketweb.local + ## secretName: thanos-bucketweb.local-tls + ## + extraTls: [] + ## @param bucketweb.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets + ## key and certificate should start with -----BEGIN CERTIFICATE----- or + ## -----BEGIN RSA PRIVATE KEY----- + ## + ## name should line up with a tlsSecret set further up + ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set + ## + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + ## e.g: + ## - name: thanos-bucketweb.local-tls + ## key: + ## certificate: + ## + secrets: [] + ## @param bucketweb.ingress.extraRules Additional rules to be covered with this ingress record + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules + ## e.g: + ## extraRules: + ## - host: example.local + ## http: + ## path: / + ## backend: + ## service: + ## name: example-svc + ## port: + ## name: http + ## + extraRules: [] + ## @param bucketweb.ingress.tls Enable TLS configuration for the hostname defined at `bucketweb.ingress.hostname` parameter + ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.bucketweb.ingress.hostname }}` + ## You can: + ## - Use the `bucketweb.ingress.secrets` parameter to create this TLS secret + ## - Rely on cert-manager to create it by setting the corresponding annotations + ## - Rely on Helm to create self-signed certificates by setting `bucketweb.ingress.selfSigned=true` + ## + tls: false + ## @param bucketweb.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm + ## + selfSigned: false + ## @param bucketweb.ingress.apiVersion Force Ingress API version (automatically detected if not set) + ## + apiVersion: "" + ## @param bucketweb.ingress.path Ingress path + ## + path: / + ## @param bucketweb.ingress.pathType Ingress path type + ## + pathType: ImplementationSpecific +## @section Thanos Compactor parameters +compactor: + ## @param compactor.enabled Enable/disable Thanos Compactor component + ## + enabled: false + ## @param compactor.logLevel Thanos Compactor log level + ## + logLevel: info + ## @param compactor.logFormat Thanos Compactor log format + ## + logFormat: logfmt + ## Resolution and Retention flags + ## @param compactor.retentionResolutionRaw Resolution and Retention flag + ## @param compactor.retentionResolution5m Resolution and Retention flag + ## @param compactor.retentionResolution1h Resolution and Retention flag + ## + retentionResolutionRaw: 30d + retentionResolution5m: 30d + retentionResolution1h: 10y + ## @param compactor.consistencyDelay Minimum age of fresh (non-compacted) blocks before they are being processed + ## + consistencyDelay: 30m + ## @param compactor.extraEnvVars Extra environment variables for Thanos Compactor container + ## e.g: + ## extraEnvVars: + ## - name: FOO + ## value: "bar" + ## + extraEnvVars: [] + ## @param compactor.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Compactor nodes + ## + extraEnvVarsCM: "" + ## @param compactor.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Compactor nodes + ## + extraEnvVarsSecret: "" + ## @param compactor.extraFlags Extra Flags to passed to Thanos Compactor + ## + extraFlags: [] + ## @param compactor.command Override default container command (useful when using custom images) + ## + command: [] + ## @param compactor.args Override default container args (useful when using custom images) + ## + args: [] + ## @param compactor.revisionHistoryLimit The number of old history to retain to allow rollback + ## + revisionHistoryLimit: 10 + ## K8s CronJob configuration + ## ref: https://kubernetes.io/docs/tasks/job/automated-tasks-with-cron-jobs/ + ## @param compactor.cronJob.enabled Run compactor as a CronJob rather than a Deployment + ## @param compactor.cronJob.schedule The schedule in Cron format, see + ## @param compactor.cronJob.timeZone The time zone name for the given schedule, see + ## @param compactor.cronJob.concurrencyPolicy Specifies how to treat concurrent executions of a Job + ## @param compactor.cronJob.startingDeadlineSeconds Optional deadline in seconds for starting the job if it misses scheduled time for any reason + ## @param compactor.cronJob.suspend This flag tells the controller to suspend subsequent executions + ## @param compactor.cronJob.successfulJobsHistoryLimit The number of successful finished jobs to retain + ## @param compactor.cronJob.failedJobsHistoryLimit The number of failed finished jobs to retain + ## @param compactor.cronJob.backoffLimit The number of retries before marking this job failed + ## @param compactor.cronJob.ttlSecondsAfterFinished The maximum retention before removing the job + ## + cronJob: + enabled: false + schedule: "0 */6 * * *" + timeZone: "" + startingDeadlineSeconds: "" + concurrencyPolicy: Forbid + suspend: "" + successfulJobsHistoryLimit: "" + failedJobsHistoryLimit: "" + backoffLimit: "" + ttlSecondsAfterFinished: "" + ## @param compactor.restartPolicy Compactor container restart policy. + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy + ## + restartPolicy: "" + ## @param compactor.updateStrategy.type Update strategy type for Thanos Compactor replicas + ## + updateStrategy: + type: Recreate + ## @param compactor.containerPorts.http HTTP container port + ## + containerPorts: + http: 10902 + ## K8s Pod Security Context for Thanos Compactor pods + ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## @param compactor.podSecurityContext.enabled Enable security context for the Thanos Compactor pods + ## @param compactor.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy + ## @param compactor.podSecurityContext.sysctls Set kernel settings using the sysctl interface + ## @param compactor.podSecurityContext.supplementalGroups Set filesystem extra groups + ## @param compactor.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Compactor pods + ## + podSecurityContext: + enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] + fsGroup: 1001 + ## K8s containers' Security Context for Thanos Compactor containers + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param compactor.containerSecurityContext.enabled Enabled containers' Security Context + ## @param compactor.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container + ## @param compactor.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param compactor.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup + ## @param compactor.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot + ## @param compactor.containerSecurityContext.privileged Set container's Security Context privileged + ## @param compactor.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem + ## @param compactor.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation + ## @param compactor.containerSecurityContext.capabilities.drop List of capabilities to be dropped + ## @param compactor.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile + ## + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + privileged: false + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" + ## Thanos Compactor containers' resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param compactor.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if compactor.resources is set (compactor.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "nano" + ## @param compactor.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## Configure extra options for Thanos Compactor containers' liveness and readiness probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param compactor.livenessProbe.enabled Enable livenessProbe on Thanos Compactor containers + ## @param compactor.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param compactor.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param compactor.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param compactor.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param compactor.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 30 + timeoutSeconds: 30 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 6 + ## @param compactor.readinessProbe.enabled Enable readinessProbe on Thanos Compactor containers + ## @param compactor.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param compactor.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param compactor.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param compactor.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param compactor.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: 30 + timeoutSeconds: 30 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 6 + ## @param compactor.startupProbe.enabled Enable startupProbe on Thanos Compactor containers + ## @param compactor.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param compactor.startupProbe.periodSeconds Period seconds for startupProbe + ## @param compactor.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param compactor.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param compactor.startupProbe.successThreshold Success threshold for startupProbe + ## + startupProbe: + enabled: false + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 1 + failureThreshold: 15 + successThreshold: 1 + ## @param compactor.customLivenessProbe Custom livenessProbe that overrides the default one + ## + customLivenessProbe: {} + ## @param compactor.customReadinessProbe Custom readinessProbe that overrides the default one + ## + customReadinessProbe: {} + ## @param compactor.customStartupProbe Custom startupProbe that overrides the default one + ## + customStartupProbe: {} + ## @param compactor.initContainers Add additional init containers to the Thanos Compactor pods + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + ## e.g: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## command: ['sh', '-c', 'echo "hello world"'] + ## + initContainers: [] + ## @param compactor.sidecars Extra containers running as sidecars to Thanos Compactor pods + ## e.g: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param compactor.extraVolumes Extra volumes to add to Thanos Compactor + ## + extraVolumes: [] + ## @param compactor.extraVolumeMounts Extra volume mounts to add to the compactor container + ## + extraVolumeMounts: [] + ## @param compactor.podAffinityPreset Thanos Compactor pod affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param compactor.podAntiAffinityPreset Thanos Compactor pod anti-affinity preset. Ignored if `compactor.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Thanos Compactor node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param compactor.nodeAffinityPreset.type Thanos Compactor node affinity preset type. Ignored if `compactor.affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param compactor.nodeAffinityPreset.key Thanos Compactor node label key to match. Ignored if `compactor.affinity` is set. + ## e.g: + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param compactor.nodeAffinityPreset.values Thanos Compactor node label values to match. Ignored if `compactor.affinity` is set. + ## e.g: + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param compactor.affinity Thanos Compactor affinity for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: compactor.podAffinityPreset, compactor.podAntiAffinityPreset, and compactor.nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param compactor.nodeSelector Thanos Compactor node labels for pod assignment + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ + ## + nodeSelector: {} + ## @param compactor.tolerations Thanos Compactor tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param compactor.podLabels Thanos Compactor pod labels + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + ## @param compactor.podAnnotations Annotations for Thanos Compactor pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## @param compactor.dnsConfig Deployment pod DNS config + ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ + ## E.g. + ## dnsConfig: + ## options: + ## - name: ndots + ## value: "4" + ## - name: single-request-reopen + ## + dnsConfig: {} + ## @param compactor.dnsPolicy Deployment pod DNS policy + ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ + ## E.g. + ## dnsPolicy: ClusterFirstWithHostNet + ## + dnsPolicy: "" + ## @param compactor.hostAliases Deployment pod host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## @param compactor.lifecycleHooks for the Thanos Compactor container(s) to automate configuration before or after startup + ## + lifecycleHooks: {} + ## @param compactor.priorityClassName Thanos Compactor priorityClassName + ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ + ## + priorityClassName: "" + ## @param compactor.schedulerName Name of the k8s scheduler (other than default) for Thanos Compactor pods + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + ## @param compactor.topologySpreadConstraints Topology Spread Constraints for Thanos Compactor pods assignment spread across your cluster among failure-domains + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods + ## + topologySpreadConstraints: [] + ## Network Policies + ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ + ## + networkPolicy: + ## @param compactor.networkPolicy.enabled Specifies whether a NetworkPolicy should be created + ## + enabled: true + ## @param compactor.networkPolicy.allowExternal Don't require client label for connections + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the ports the application is listening + ## on. When true, the app will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + ## @param compactor.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. + ## + allowExternalEgress: true + ## @param compactor.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + extraIngress: [] + ## @param compactor.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param compactor.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param compactor.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} + ## Service parameters + ## + service: + ## @param compactor.service.type Kubernetes service type + ## + type: ClusterIP + ## @param compactor.service.ports.http Thanos Compactor service HTTP port + ## + ports: + http: 9090 + ## @param compactor.service.nodePorts.http Specify the Thanos Compactor HTTP nodePort value for the LoadBalancer and NodePort service types + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + nodePorts: + http: "" + ## @param compactor.service.clusterIP Thanos Compactor service clusterIP IP + ## e.g: + ## clusterIP: None + ## + clusterIP: "" + ## @param compactor.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer` + ## Set the LoadBalancer service type to internal only + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: "" + ## @param compactor.service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param compactor.service.externalTrafficPolicy Thanos Compactor service externalTrafficPolicy + ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints + ## + externalTrafficPolicy: Cluster + ## @param compactor.service.labels Labels for Thanos Compactor service + ## + labels: {} + ## @param compactor.service.annotations Annotations for Thanos Compactor service + ## + annotations: {} + ## @param compactor.service.extraPorts Extra ports to expose in the Thanos Compactor service + ## + extraPorts: [] + ## @param compactor.service.labelSelectorsOverride Selector for Thanos Query service + ## + labelSelectorsOverride: {} + ## @param compactor.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the deployment + ## + automountServiceAccountToken: true + ## ServiceAccount configuration + ## @param compactor.serviceAccount.create Specifies whether a ServiceAccount should be created + ## @param compactor.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. + ## @param compactor.serviceAccount.annotations Annotations for Thanos Compactor Service Account + ## @param compactor.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token + ## + serviceAccount: + create: true + name: "" + annotations: {} + automountServiceAccountToken: false + ## Configure the ingress resource that allows you to access Thanos Query Frontend + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ + ## + ingress: + ## @param compactor.ingress.enabled Enable ingress controller resource + ## + enabled: false + ## @param compactor.ingress.hostname Default host for the ingress resource + ## + hostname: thanos-compactor.local + ## @param compactor.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) + ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . + ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ + ## + ingressClassName: "" + ## @param compactor.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md + ## Use this parameter to set the required annotations for cert-manager, see + ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations + ## + ## e.g: + ## annotations: + ## kubernetes.io/ingress.class: nginx + ## cert-manager.io/cluster-issuer: cluster-issuer-name + ## + annotations: {} + ## @param compactor.ingress.extraHosts The list of additional hostnames to be covered with this ingress record. + ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array + ## extraHosts: + ## - name: thanos.local + ## path: / + ## pathType: ImplementationSpecific + ## + extraHosts: [] + ## @param compactor.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. + ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + ## extraTls: + ## - hosts: + ## - thanos.local + ## secretName: thanos.local-tls + ## + extraTls: [] + ## @param compactor.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets + ## key and certificate should start with -----BEGIN CERTIFICATE----- or + ## -----BEGIN RSA PRIVATE KEY----- + ## + ## name should line up with a tlsSecret set further up + ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set + ## + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + ## e.g: + ## - name: thanos.local-tls + ## key: + ## certificate: + ## + secrets: [] + ## @param compactor.ingress.extraRules Additional rules to be covered with this ingress record + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules + ## e.g: + ## extraRules: + ## - host: example.local + ## http: + ## path: / + ## backend: + ## service: + ## name: example-svc + ## port: + ## name: http + ## + extraRules: [] + ## @param compactor.ingress.tls Enable TLS configuration for the hostname defined at `compactor.ingress.hostname` parameter + ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.compactor.ingress.hostname }}` + ## You can: + ## - Use the `compactor.ingress.secrets` parameter to create this TLS secret + ## - Rely on cert-manager to create it by setting the corresponding annotations + ## - Rely on Helm to create self-signed certificates by setting `compactor.ingress.selfSigned=true` + ## + tls: false + ## @param compactor.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm + ## + selfSigned: false + ## @param compactor.ingress.apiVersion Force Ingress API version (automatically detected if not set) + ## + apiVersion: "" + ## @param compactor.ingress.path Ingress path + ## + path: / + ## @param compactor.ingress.pathType Ingress path type + ## + pathType: ImplementationSpecific + ## Persistence parameters + ## + persistence: + ## @param compactor.persistence.enabled Enable data persistence using PVC(s) on Thanos Compactor pods + ## + enabled: true + ## @param compactor.persistence.ephemeral Use ephemeral volume for data persistence using PVC(s) on Thanos Compactor pods + ## + ephemeral: false + ## @param compactor.persistence.defaultEmptyDir Defaults to emptyDir if persistence is disabled. + ## + defaultEmptyDir: true + ## @param compactor.persistence.storageClass Specify the `storageClass` used to provision the volume + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. + ## + storageClass: "" + ## @param compactor.persistence.accessModes PVC Access Modes for data volume + ## + accessModes: + - ReadWriteOnce + ## @param compactor.persistence.size PVC Storage Request for data volume + ## + size: 8Gi + ## @param compactor.persistence.labels Labels for the PVC + ## + labels: {} + ## @param compactor.persistence.annotations Annotations for the PVC + ## + annotations: {} + ## @param compactor.persistence.existingClaim Name of an existing PVC to use + ## If defined, PVC must be created manually before volume will be bound + ## + existingClaim: "" +## @section Thanos Store Gateway parameters +storegateway: + ## @param storegateway.enabled Enable/disable Thanos Store Gateway component + ## + enabled: false + ## @param storegateway.logLevel Thanos Store Gateway log level + ## + logLevel: info + ## @param storegateway.logFormat Thanos Store Gateway log format + ## + logFormat: logfmt + ## @param storegateway.useEndpointGroup Specify whether to use `endpoint-group` when querying the Store API of HA Store Gateway replicas + ## NOTE: This will take effect in the querier configuration + ## + useEndpointGroup: false + ## @param storegateway.config Thanos Store Gateway configuration + ## Specify content for config.yml + ## + config: "" + ## @param storegateway.existingConfigmap Name of existing ConfigMap with Thanos Store Gateway configuration + ## NOTE: This will override storegateway.config + ## + existingConfigmap: "" + ## Thanos Store Gateway GRPC parameters + ## ref: https://github.com/thanos-io/thanos/blob/master/docs/components/store.md#flags + ## + grpc: + ## GRPC server side + ## + server: + ## TLS configuration + ## @param storegateway.grpc.server.tls.enabled Enable TLS encryption in the GRPC server + ## @param storegateway.grpc.server.tls.autoGenerated Create self-signed TLS certificates. Currently only supports PEM certificates + ## @param storegateway.grpc.server.tls.cert TLS Certificate for GRPC server - ignored if existingSecret is provided + ## @param storegateway.grpc.server.tls.key TLS Key for GRPC server - ignored if existingSecret is provided + ## @param storegateway.grpc.server.tls.ca TLS CA to verify clients against - ignored if existingSecret is provided + ## @param storegateway.grpc.server.tls.clientAuthEnabled Enable TLS client verification against provided CA + ## @param storegateway.grpc.server.tls.existingSecret Existing secret containing your own TLS certificates + ## e.g: + ## existingSecret: + ## name: foo + ## keyMapping: + ## ca-cert: ca.pem + ## tls-cert: cert.pem + ## tls-key: key.pem + ## + tls: + enabled: false + autoGenerated: false + cert: "" + key: "" + ca: "" + clientAuthEnabled: true + existingSecret: {} + ## @param storegateway.extraEnvVars Extra environment variables for Thanos Store Gateway container + ## e.g: + ## extraEnvVars: + ## - name: FOO + ## value: "bar" + ## + extraEnvVars: [] + ## @param storegateway.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Store Gateway nodes + ## + extraEnvVarsCM: "" + ## @param storegateway.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Store Gateway nodes + ## + extraEnvVarsSecret: "" + ## @param storegateway.extraFlags Extra Flags to passed to Thanos Store Gateway + ## + extraFlags: [] + ## @param storegateway.command Override default container command (useful when using custom images) + ## + command: [] + ## @param storegateway.args Override default container args (useful when using custom images) + ## + args: [] + ## @param storegateway.replicaCount Number of Thanos Store Gateway replicas to deploy + ## + replicaCount: 1 + ## @param storegateway.revisionHistoryLimit The number of old history to retain to allow rollback + ## + revisionHistoryLimit: 10 + ## @param storegateway.updateStrategy.type Update strategy type for Thanos Store Gateway replicas + ## + updateStrategy: + type: RollingUpdate + ## @param storegateway.podManagementPolicy Statefulset Pod management policy: OrderedReady (default) or Parallel + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies + ## + podManagementPolicy: OrderedReady + ## @param storegateway.containerPorts.http HTTP container port + ## @param storegateway.containerPorts.grpc GRPC container port + ## + containerPorts: + http: 10902 + grpc: 10901 + ## K8s Pod Security Context for Thanos Store Gateway pods + ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## @param storegateway.podSecurityContext.enabled Enable security context for the Thanos Store Gateway pods + ## @param storegateway.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy + ## @param storegateway.podSecurityContext.sysctls Set kernel settings using the sysctl interface + ## @param storegateway.podSecurityContext.supplementalGroups Set filesystem extra groups + ## @param storegateway.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Store Gateway pods + ## + podSecurityContext: + enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] + fsGroup: 1001 + ## K8s containers' Security Context for Thanos Store Gateway containers + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param storegateway.containerSecurityContext.enabled Enabled containers' Security Context + ## @param storegateway.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container + ## @param storegateway.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param storegateway.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup + ## @param storegateway.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot + ## @param storegateway.containerSecurityContext.privileged Set container's Security Context privileged + ## @param storegateway.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem + ## @param storegateway.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation + ## @param storegateway.containerSecurityContext.capabilities.drop List of capabilities to be dropped + ## @param storegateway.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile + ## + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + privileged: false + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" + ## Thanos Store Gateway containers' resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param storegateway.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if storegateway.resources is set (storegateway.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "nano" + ## @param storegateway.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## Configure extra options for Thanos Store Gateway containers' liveness and readiness probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param storegateway.livenessProbe.enabled Enable livenessProbe on Thanos Store Gateway containers + ## @param storegateway.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param storegateway.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param storegateway.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param storegateway.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param storegateway.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 30 + timeoutSeconds: 30 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 6 + ## @param storegateway.readinessProbe.enabled Enable readinessProbe on Thanos Store Gateway containers + ## @param storegateway.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param storegateway.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param storegateway.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param storegateway.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param storegateway.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: 30 + timeoutSeconds: 30 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 6 + ## @param storegateway.startupProbe.enabled Enable startupProbe on Thanos Store Gateway containers + ## @param storegateway.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param storegateway.startupProbe.periodSeconds Period seconds for startupProbe + ## @param storegateway.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param storegateway.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param storegateway.startupProbe.successThreshold Success threshold for startupProbe + ## + startupProbe: + enabled: false + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 1 + failureThreshold: 15 + successThreshold: 1 + ## @param storegateway.customLivenessProbe Custom livenessProbe that overrides the default one + ## + customLivenessProbe: {} + ## @param storegateway.customReadinessProbe Custom readinessProbe that overrides the default one + ## + customReadinessProbe: {} + ## @param storegateway.customStartupProbe Custom startupProbe that overrides the default one + ## + customStartupProbe: {} + ## @param storegateway.initContainers Add additional init containers to the Thanos Store Gateway pods + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + ## e.g: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## command: ['sh', '-c', 'echo "hello world"'] + ## + initContainers: [] + ## @param storegateway.sidecars Extra containers running as sidecars to Thanos Store Gateway pods + ## e.g: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param storegateway.extraVolumes Extra volumes to add to Thanos Store Gateway + ## + extraVolumes: [] + ## @param storegateway.extraVolumeMounts Extra volume mounts to add to the storegateway container + ## + extraVolumeMounts: [] + ## @param storegateway.podAffinityPreset Thanos Store Gateway pod affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param storegateway.podAntiAffinityPreset Thanos Store Gateway pod anti-affinity preset. Ignored if `storegateway.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Thanos Store Gateway node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param storegateway.nodeAffinityPreset.type Thanos Store Gateway node affinity preset type. Ignored if `storegateway.affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param storegateway.nodeAffinityPreset.key Thanos Store Gateway node label key to match. Ignored if `storegateway.affinity` is set. + ## e.g: + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param storegateway.nodeAffinityPreset.values Thanos Store Gateway node label values to match. Ignored if `storegateway.affinity` is set. + ## e.g: + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param storegateway.affinity Thanos Store Gateway affinity for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: storegateway.podAffinityPreset, storegateway.podAntiAffinityPreset, and storegateway.nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param storegateway.nodeSelector Thanos Store Gateway node labels for pod assignment + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ + ## + nodeSelector: {} + ## @param storegateway.tolerations Thanos Store Gateway tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param storegateway.podLabels Thanos Store Gateway pod labels + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + ## @param storegateway.podAnnotations Annotations for Thanos Store Gateway pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## @param storegateway.dnsConfig Deployment pod DNS config + ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ + ## E.g. + ## dnsConfig: + ## options: + ## - name: ndots + ## value: "4" + ## - name: single-request-reopen + ## + dnsConfig: {} + ## @param storegateway.dnsPolicy Deployment pod DNS policy + ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ + ## E.g. + ## dnsPolicy: ClusterFirstWithHostNet + ## + dnsPolicy: "" + ## @param storegateway.hostAliases Deployment pod host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## @param storegateway.lifecycleHooks for the Thanos Store Gateway container(s) to automate configuration before or after startup + ## + lifecycleHooks: {} + ## @param storegateway.priorityClassName Thanos Store Gateway priorityClassName + ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ + ## + priorityClassName: "" + ## @param storegateway.topologySpreadConstraints Topology Spread Constraints for Thanos Store Gateway pods assignment spread across your cluster among failure-domains + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods + ## + topologySpreadConstraints: [] + ## @param storegateway.schedulerName Name of the k8s scheduler (other than default) for Thanos Store Gateway pods + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + ## Network Policies + ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ + ## + networkPolicy: + ## @param storegateway.networkPolicy.enabled Specifies whether a NetworkPolicy should be created + ## + enabled: true + ## @param storegateway.networkPolicy.allowExternal Don't require client label for connections + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the ports the application is listening + ## on. When true, the app will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + ## @param storegateway.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. + ## + allowExternalEgress: true + ## @param storegateway.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + extraIngress: [] + ## @param storegateway.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param storegateway.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param storegateway.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} + ## Service parameters + ## + service: + ## @param storegateway.service.type Kubernetes service type + ## + type: ClusterIP + ## @param storegateway.service.ports.http Thanos Store Gateway service HTTP port + ## @param storegateway.service.ports.grpc Thanos Store Gateway service GRPC port + ## + ports: + http: 9090 + grpc: 10901 + ## @param storegateway.service.nodePorts.http Specify the Thanos Store Gateway HTTP nodePort value for the LoadBalancer and NodePort service types + ## @param storegateway.service.nodePorts.grpc Specify the Thanos Store Gateway GRPC nodePort value for the LoadBalancer and NodePort service types + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + nodePorts: + http: "" + grpc: "" + ## @param storegateway.service.clusterIP Thanos Store Gateway service clusterIP IP + ## e.g: + ## clusterIP: None + ## + clusterIP: "" + ## @param storegateway.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer` + ## Set the LoadBalancer service type to internal only + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: "" + ## @param storegateway.service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param storegateway.service.externalTrafficPolicy Thanos Store Gateway service externalTrafficPolicy + ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints + ## + externalTrafficPolicy: Cluster + ## @param storegateway.service.labels Extra labels for Thanos Store Gateway service + ## + labels: {} + ## @param storegateway.service.annotations Annotations for Thanos Store Gateway service + ## + annotations: {} + ## @param storegateway.service.extraPorts Extra ports to expose in the Thanos Store Gateway service + ## + extraPorts: [] + ## @param storegateway.service.labelSelectorsOverride Selector for Thanos Query service + ## + labelSelectorsOverride: {} + ## @param storegateway.service.additionalHeadless Additional Headless service + ## + additionalHeadless: false + ## Headless service properties + ## + headless: + ## @param storegateway.service.headless.annotations Annotations for the headless service. + ## + annotations: {} + ## Persistence parameters + ## + persistence: + ## @param storegateway.persistence.enabled Enable data persistence using PVC(s) on Thanos Store Gateway pods + ## + enabled: true + ## @param storegateway.persistence.storageClass Specify the `storageClass` used to provision the volume + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. + ## + storageClass: "" + ## @param storegateway.persistence.accessModes PVC Access Modes for data volume + ## + accessModes: + - ReadWriteOnce + ## @param storegateway.persistence.size PVC Storage Request for data volume + ## + size: 8Gi + ## @param storegateway.persistence.labels Labels for the PVC + ## + labels: {} + ## @param storegateway.persistence.annotations Annotations for the PVC + ## + annotations: {} + ## @param storegateway.persistence.existingClaim Name of an existing PVC to use + ## If defined, PVC must be created manually before volume will be bound + ## + existingClaim: "" + ## Persistent Volume Claim Retention Policy + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention + ## + persistentVolumeClaimRetentionPolicy: + ## @param storegateway.persistentVolumeClaimRetentionPolicy.enabled Enable Persistent volume retention policy for Thanos Store Gateway Statefulset + ## + enabled: false + ## @param storegateway.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced + ## + whenScaled: Retain + ## @param storegateway.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted + ## + whenDeleted: Retain + ## @param storegateway.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the sts + ## + automountServiceAccountToken: true + ## ServiceAccount configuration + ## @param storegateway.serviceAccount.create Specifies whether a ServiceAccount should be created + ## @param storegateway.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. + ## @param storegateway.serviceAccount.annotations Annotations for Thanos Store Gateway Service Account + ## @param storegateway.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token + ## + serviceAccount: + create: true + name: "" + annotations: {} + automountServiceAccountToken: false + ## Thanos Store Gateway Autoscaling configuration + ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ + ## @param storegateway.autoscaling.enabled Enable autoscaling for Thanos Store Gateway + ## @param storegateway.autoscaling.minReplicas Minimum number of Thanos Store Gateway replicas + ## @param storegateway.autoscaling.maxReplicas Maximum number of Thanos Store Gateway replicas + ## @param storegateway.autoscaling.targetCPU Target CPU utilization percentage + ## @param storegateway.autoscaling.targetMemory Target Memory utilization percentage + ## + autoscaling: + enabled: false + minReplicas: "" + maxReplicas: "" + targetCPU: "" + targetMemory: "" + ## Thanos Store Gateway Pod Disruption Budget configuration + ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb + ## @param storegateway.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Store Gateway + ## @param storegateway.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled + ## @param storegateway.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable + ## + pdb: + create: true + minAvailable: "" + maxUnavailable: "" + ## Configure the ingress resource that allows you to access Thanos Query Frontend + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ + ## + ingress: + ## @param storegateway.ingress.enabled Enable ingress controller resource + ## + enabled: false + ## @param storegateway.ingress.hostname Default host for the ingress resource + ## + hostname: thanos-storegateway.local + ## @param storegateway.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) + ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . + ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ + ## + ingressClassName: "" + ## @param storegateway.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md + ## Use this parameter to set the required annotations for cert-manager, see + ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations + ## + ## e.g: + ## annotations: + ## kubernetes.io/ingress.class: nginx + ## cert-manager.io/cluster-issuer: cluster-issuer-name + ## + annotations: {} + ## @param storegateway.ingress.extraHosts The list of additional hostnames to be covered with this ingress record. + ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array + ## extraHosts: + ## - name: thanos.local + ## path: / + ## pathType: ImplementationSpecific + ## + extraHosts: [] + ## @param storegateway.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. + ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + ## extraTls: + ## - hosts: + ## - thanos.local + ## secretName: thanos.local-tls + ## + extraTls: [] + ## @param storegateway.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets + ## key and certificate should start with -----BEGIN CERTIFICATE----- or + ## -----BEGIN RSA PRIVATE KEY----- + ## + ## name should line up with a tlsSecret set further up + ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set + ## + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + ## e.g: + ## - name: thanos.local-tls + ## key: + ## certificate: + ## + secrets: [] + ## @param storegateway.ingress.extraRules Additional rules to be covered with this ingress record + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules + ## e.g: + ## extraRules: + ## - host: example.local + ## http: + ## path: / + ## backend: + ## service: + ## name: example-svc + ## port: + ## name: http + ## + extraRules: [] + ## @param storegateway.ingress.tls Enable TLS configuration for the hostname defined at `storegateway.ingress.hostname` parameter + ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.storegateway.ingress.hostname }}` + ## You can: + ## - Use the `storegateway.ingress.secrets` parameter to create this TLS secret + ## - Rely on cert-manager to create it by setting the corresponding annotations + ## - Rely on Helm to create self-signed certificates by setting `storegateway.ingress.selfSigned=true` + ## + tls: false + ## @param storegateway.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm + ## + selfSigned: false + ## @param storegateway.ingress.apiVersion Force Ingress API version (automatically detected if not set) + ## + apiVersion: "" + ## @param storegateway.ingress.path Ingress path + ## + path: / + ## @param storegateway.ingress.pathType Ingress path type + ## + pathType: ImplementationSpecific + ## Create an ingress object for the GRPC service. This requires an HTTP/2 + ## capable Ingress controller (eg. traefik using AWS NLB). Example annotations + ## - ingress.kubernetes.io/protocol: h2c + ## - service.beta.kubernetes.io/aws-load-balancer-type: nlb + ## - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp + ## For more information see https://kubernetes.io/docs/concepts/cluster-administration/cloud-providers/ + ## and also the documentation for your ingress controller. + ## + ## The options that are accepted are identical to the HTTP one listed above + ## + grpc: + ## @param storegateway.ingress.grpc.enabled Enable ingress controller resource (GRPC) + ## + enabled: false + ## @param storegateway.ingress.grpc.hostname Default host for the ingress resource (GRPC) + ## + hostname: thanos-grpc.local + ## @param storegateway.ingress.grpc.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) + ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . + ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ + ## + ingressClassName: "" + ## @param storegateway.ingress.grpc.annotations Additional annotations for the Ingress resource (GRPC). To enable certificate autogeneration, place here your cert-manager annotations. + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md + ## Use this parameter to set the required annotations for cert-manager, see + ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations + ## + ## Examples: + ## kubernetes.io/ingress.class: nginx + ## cert-manager.io/cluster-issuer: cluster-issuer-name + ## + annotations: {} + ## @param storegateway.ingress.grpc.extraHosts The list of additional hostnames to be covered with this ingress record. + ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array + ## extraHosts: + ## - name: thanos-grpc.local + ## path: / + ## + extraHosts: [] + ## @param storegateway.ingress.grpc.extraTls The tls configuration for additional hostnames to be covered with this ingress record. + ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + ## extraTls: + ## - hosts: + ## - thanos-grpc.local + ## secretName: thanos-grpc.local-tls + ## + extraTls: [] + ## @param storegateway.ingress.grpc.secrets If you're providing your own certificates, please use this to add the certificates as secrets + ## key and certificate should start with -----BEGIN CERTIFICATE----- or + ## -----BEGIN RSA PRIVATE KEY----- + ## + ## name should line up with a tlsSecret set further up + ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set + ## + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + ## e.g: + ## - name: thanos-grpc.local-tls + ## key: + ## certificate: + ## + secrets: [] + ## @param storegateway.ingress.grpc.extraRules Additional rules to be covered with this ingress record + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules + ## e.g: + ## extraRules: + ## - host: example.local + ## http: + ## path: / + ## backend: + ## service: + ## name: example-svc + ## port: + ## name: http + ## + extraRules: [] + ## @param storegateway.ingress.grpc.tls Enable TLS configuration for the hostname defined at `storegateway.ingress.grpc.hostname` parameter + ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.storegateway.ingress.grpc.hostname }}` + ## You can: + ## - Use the `storegateway.ingress.grpc.secrets` parameter to create this TLS secret + ## - Rely on cert-manager to create it by setting the corresponding annotations + ## - Rely on Helm to create self-signed certificates by setting `storegateway.ingress.grpc.selfSigned=true` + ## + tls: false + ## @param storegateway.ingress.grpc.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm + ## + selfSigned: false + ## @param storegateway.ingress.grpc.apiVersion Override API Version (automatically detected if not set) + ## + apiVersion: "" + ## @param storegateway.ingress.grpc.path Ingress Path + ## + path: / + ## @param storegateway.ingress.grpc.pathType Ingress Path type + ## + pathType: ImplementationSpecific + ## Sharded parameters + ## @param storegateway.sharded.enabled Enable sharding for Thanos Store Gateway + ## @param storegateway.sharded.hashPartitioning.shards Setting hashPartitioning will create multiple store statefulsets based on the number of shards specified using the hashmod of the blocks + ## @param storegateway.sharded.timePartitioning [array] Setting time timePartitioning will create multiple store deployments based on the number of partitions + ## @param storegateway.sharded.service.clusterIPs Array of cluster IPs for each Store Gateway service. Length must be the same as the number of shards + ## e.g: + ## clusterIPs: + ## - X.X.X.X + ## - Y.Y.Y.Y + ## @param storegateway.sharded.service.loadBalancerIPs Array of load balancer IPs for each Store Gateway service. Length must be the same as the number of shards + ## e.g: + ## loadBalancerIPs: + ## - X.X.X.X + ## - Y.Y.Y.Y + ## @param storegateway.sharded.service.http.nodePorts Array of http node ports used for Store Gateway service. Length must be the same as the number of shards + ## e.g: + ## nodePorts: + ## - 30001 + ## - 30002 + ## @param storegateway.sharded.service.grpc.nodePorts Array of grpc node ports used for Store Gateway service. Length must be the same as the number of shards + ## e.g: + ## nodePorts: + ## - 30011 + ## - 30012 + ## + sharded: + enabled: false + hashPartitioning: + shards: "" + timePartitioning: + - min: "" + max: "" + service: + clusterIPs: [] + loadBalancerIPs: [] + http: + nodePorts: [] + grpc: + nodePorts: [] +## @section Thanos Ruler parameters +ruler: + ## @param ruler.enabled Enable/disable Thanos Ruler component + ## + enabled: false + ## @param ruler.logLevel Thanos Ruler log level + ## + logLevel: info + ## @param ruler.logFormat Thanos Ruler log format + ## + logFormat: logfmt + ## @param ruler.replicaLabel Label to treat as a replica indicator along which data is de-duplicated + ## + replicaLabel: replica + ## @param ruler.dnsDiscovery.enabled Dynamically configure Query APIs using DNS discovery + ## + dnsDiscovery: + enabled: true + ## @param ruler.queryURL Thanos query/query-frontend URL to link in Ruler UI. + ## + queryURL: "" + ## @param ruler.alertmanagers Alert managers URLs array + ## NOTE: This is only used when ruler.alertmanagersConfig is not set + ## + alertmanagers: [] + ## @param ruler.alertmanagersConfig Alert managers configuration + ## NOTE: This is only used when ruler.alertmanagers is not set + ## ref: https://thanos.io/tip/components/rule.md/#alertmanager + ## e.g: + ## alertmanagersConfig: + ## alertmanagers: + ## - http_config: + ## basic_auth: + ## username: some_user + ## password: some_pass + ## static_configs: + ## - alertmanager.thanos.io + ## scheme: http + ## timeout: 10s + ## api_version: v2 + ## + alertmanagersConfig: "" + ## @param ruler.evalInterval The default evaluation interval to use + ## + evalInterval: 1m + ## @param ruler.clusterName Used to set the 'ruler_cluster' label + ## + clusterName: "" + ## @param ruler.config Ruler configuration + ## Specify content for ruler.yml + ## + config: "" + ## @param ruler.existingConfigmap Name of existing ConfigMap with Ruler configuration + ## NOTE: This will override ruler.config + ## + existingConfigmap: "" + ## @param ruler.extraEnvVars Extra environment variables for Thanos Ruler container + ## e.g: + ## extraEnvVars: + ## - name: FOO + ## value: "bar" + ## + extraEnvVars: [] + ## @param ruler.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Ruler nodes + ## + extraEnvVarsCM: "" + ## @param ruler.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Ruler nodes + ## + extraEnvVarsSecret: "" + ## @param ruler.extraFlags Extra Flags to passed to Thanos Ruler + ## + extraFlags: [] + ## @param ruler.command Override default container command (useful when using custom images) + ## + command: [] + ## @param ruler.args Override default container args (useful when using custom images) + ## + args: [] + ## @param ruler.replicaCount Number of Thanos Ruler replicas to deploy + ## + replicaCount: 1 + ## @param ruler.revisionHistoryLimit The number of old history to retain to allow rollback + ## + revisionHistoryLimit: 10 + ## @param ruler.updateStrategy.type Update strategy type for Thanos Ruler replicas + ## + updateStrategy: + type: RollingUpdate + ## @param ruler.podManagementPolicy Statefulset Pod Management Policy Type + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies + ## + podManagementPolicy: OrderedReady + ## @param ruler.containerPorts.http HTTP container port + ## @param ruler.containerPorts.grpc GRPC container port + ## + containerPorts: + http: 10902 + grpc: 10901 + ## K8s Pod Security Context for Thanos Ruler pods + ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## @param ruler.podSecurityContext.enabled Enable security context for the Thanos Ruler pods + ## @param ruler.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy + ## @param ruler.podSecurityContext.sysctls Set kernel settings using the sysctl interface + ## @param ruler.podSecurityContext.supplementalGroups Set filesystem extra groups + ## @param ruler.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Ruler pods + ## + podSecurityContext: + enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] + fsGroup: 1001 + ## K8s containers' Security Context for Thanos Ruler containers + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param ruler.containerSecurityContext.enabled Enabled containers' Security Context + ## @param ruler.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container + ## @param ruler.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param ruler.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup + ## @param ruler.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot + ## @param ruler.containerSecurityContext.privileged Set container's Security Context privileged + ## @param ruler.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem + ## @param ruler.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation + ## @param ruler.containerSecurityContext.capabilities.drop List of capabilities to be dropped + ## @param ruler.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile + ## + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + privileged: false + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" + ## Thanos Ruler containers' resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param ruler.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if ruler.resources is set (ruler.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "nano" + ## @param ruler.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## Configure extra options for Thanos Ruler containers' liveness and readiness probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param ruler.livenessProbe.enabled Enable livenessProbe on Thanos Ruler containers + ## @param ruler.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param ruler.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param ruler.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param ruler.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param ruler.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 30 + timeoutSeconds: 30 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 6 + ## @param ruler.readinessProbe.enabled Enable readinessProbe on Thanos Ruler containers + ## @param ruler.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param ruler.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param ruler.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param ruler.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param ruler.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: 30 + timeoutSeconds: 30 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 6 + ## @param ruler.startupProbe.enabled Enable startupProbe on Thanos Ruler containers + ## @param ruler.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param ruler.startupProbe.periodSeconds Period seconds for startupProbe + ## @param ruler.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param ruler.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param ruler.startupProbe.successThreshold Success threshold for startupProbe + ## + startupProbe: + enabled: false + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 1 + failureThreshold: 15 + successThreshold: 1 + ## @param ruler.customLivenessProbe Custom livenessProbe that overrides the default one + ## + customLivenessProbe: {} + ## @param ruler.customReadinessProbe Custom readinessProbe that overrides the default one + ## + customReadinessProbe: {} + ## @param ruler.customStartupProbe Custom startupProbe that overrides the default one + ## + customStartupProbe: {} + ## @param ruler.initContainers Add additional init containers to the Thanos Ruler pods + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + ## e.g: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## command: ['sh', '-c', 'echo "hello world"'] + ## + initContainers: [] + ## @param ruler.sidecars Extra containers running as sidecars to Thanos Ruler pods + ## e.g: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param ruler.extraVolumes Extra volumes to add to Thanos Ruler + ## + extraVolumes: [] + ## @param ruler.extraVolumeMounts Extra volume mounts to add to the ruler container + ## + extraVolumeMounts: [] + ## @param ruler.podAffinityPreset Thanos Ruler pod affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param ruler.podAntiAffinityPreset Thanos Ruler pod anti-affinity preset. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Thanos Ruler node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param ruler.nodeAffinityPreset.type Thanos Ruler node affinity preset type. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param ruler.nodeAffinityPreset.key Thanos Ruler node label key to match. Ignored if `ruler.affinity` is set. + ## e.g: + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param ruler.nodeAffinityPreset.values Thanos Ruler node label values to match. Ignored if `ruler.affinity` is set. + ## e.g: + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param ruler.affinity Thanos Ruler affinity for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: ruler.podAffinityPreset, ruler.podAntiAffinityPreset, and ruler.nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param ruler.nodeSelector Thanos Ruler node labels for pod assignment + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ + ## + nodeSelector: {} + ## @param ruler.tolerations Thanos Ruler tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param ruler.podLabels Thanos Ruler pod labels + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + ## @param ruler.podAnnotations Annotations for Thanos Ruler pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## @param ruler.dnsConfig Deployment pod DNS config + ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ + ## E.g. + ## dnsConfig: + ## options: + ## - name: ndots + ## value: "4" + ## - name: single-request-reopen + ## + dnsConfig: {} + ## @param ruler.dnsPolicy Deployment pod DNS policy + ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ + ## E.g. + ## dnsPolicy: ClusterFirstWithHostNet + ## + dnsPolicy: "" + ## @param ruler.hostAliases Deployment pod host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## @param ruler.lifecycleHooks for the Thanos Ruler container(s) to automate configuration before or after startup + ## + lifecycleHooks: {} + ## @param ruler.priorityClassName Thanos Ruler priorityClassName + ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ + ## + priorityClassName: "" + ## @param ruler.schedulerName Name of the k8s scheduler (other than default) for Thanos Ruler pods + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + ## @param ruler.topologySpreadConstraints Topology Spread Constraints for Thanos Ruler pods assignment spread across your cluster among failure-domains + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods + ## + topologySpreadConstraints: [] + ## Network Policies + ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ + ## + networkPolicy: + ## @param ruler.networkPolicy.enabled Specifies whether a NetworkPolicy should be created + ## + enabled: true + ## @param ruler.networkPolicy.allowExternal Don't require client label for connections + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the ports the application is listening + ## on. When true, the app will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + ## @param ruler.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. + ## + allowExternalEgress: true + ## @param ruler.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + extraIngress: [] + ## @param ruler.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param ruler.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param ruler.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} + ## Service parameters + ## + service: + ## @param ruler.service.type Kubernetes service type + ## + type: ClusterIP + ## @param ruler.service.ports.http Thanos Ruler service HTTP port + ## @param ruler.service.ports.grpc Thanos Ruler service GRPC port + ## + ports: + http: 9090 + grpc: 10901 + ## @param ruler.service.nodePorts.http Specify the Thanos Ruler HTTP nodePort value for the LoadBalancer and NodePort service types + ## @param ruler.service.nodePorts.grpc Specify the Thanos Ruler GRPC nodePort value for the LoadBalancer and NodePort service types + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + nodePorts: + http: "" + grpc: "" + ## @param ruler.service.clusterIP Thanos Ruler service clusterIP IP + ## e.g: + ## clusterIP: None + ## + clusterIP: "" + ## @param ruler.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer` + ## Set the LoadBalancer service type to internal only + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: "" + ## @param ruler.service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param ruler.service.externalTrafficPolicy Thanos Ruler service externalTrafficPolicy + ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints + ## + externalTrafficPolicy: Cluster + ## @param ruler.service.labels Extra labels for Thanos Ruler service + ## + labels: {} + ## @param ruler.service.annotations Annotations for Thanos Ruler service + ## + annotations: {} + ## @param ruler.service.extraPorts Extra ports to expose in the Thanos Ruler service + ## + extraPorts: [] + ## @param ruler.service.labelSelectorsOverride Selector for Thanos Query service + ## + labelSelectorsOverride: {} + ## @param ruler.service.additionalHeadless Additional Headless service + ## + additionalHeadless: false + ## Headless service properties + ## + headless: + ## @param ruler.service.headless.annotations Annotations for the headless service. + ## + annotations: {} + ## Persistence parameters + ## + persistence: + ## @param ruler.persistence.enabled Enable data persistence using PVC(s) on Thanos Ruler pods + ## + enabled: true + ## @param ruler.persistence.storageClass Specify the `storageClass` used to provision the volume + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. + ## + storageClass: "" + ## @param ruler.persistence.accessModes PVC Access Modes for data volume + ## + accessModes: + - ReadWriteOnce + ## @param ruler.persistence.size PVC Storage Request for data volume + ## + size: 8Gi + ## @param ruler.persistence.annotations Annotations for the PVC + ## + annotations: {} + ## @param ruler.persistence.existingClaim Name of an existing PVC to use + ## If defined, PVC must be created manually before volume will be bound + ## + existingClaim: "" + ## Persistent Volume Claim Retention Policy + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention + ## + persistentVolumeClaimRetentionPolicy: + ## @param ruler.persistentVolumeClaimRetentionPolicy.enabled Enable Persistent volume retention policy for Thanos Ruler Statefulset + ## + enabled: false + ## @param ruler.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced + ## + whenScaled: Retain + ## @param ruler.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted + ## + whenDeleted: Retain + ## @param ruler.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the sts + ## + automountServiceAccountToken: true + ## ServiceAccount configuration + ## @param ruler.serviceAccount.create Specifies whether a ServiceAccount should be created + ## @param ruler.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. + ## @param ruler.serviceAccount.annotations Annotations for Thanos Ruler Service Account + ## @param ruler.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token + ## + serviceAccount: + create: true + name: "" + annotations: {} + automountServiceAccountToken: false + ## Thanos Ruler Autoscaling configuration + ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ + ## @param ruler.autoscaling.enabled Enable autoscaling for Thanos Ruler + ## @param ruler.autoscaling.minReplicas Minimum number of Thanos Ruler replicas + ## @param ruler.autoscaling.maxReplicas Maximum number of Thanos Ruler replicas + ## @param ruler.autoscaling.targetCPU Target CPU utilization percentage + ## @param ruler.autoscaling.targetMemory Target Memory utilization percentage + ## + autoscaling: + enabled: false + minReplicas: "" + maxReplicas: "" + targetCPU: "" + targetMemory: "" + ## Thanos Ruler Pod Disruption Budget configuration + ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb + ## @param ruler.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Ruler + ## @param ruler.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled + ## @param ruler.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable + ## + pdb: + create: true + minAvailable: "" + maxUnavailable: "" + ## Configure the ingress resource that allows you to access Thanos Ruler + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ + ## + ingress: + ## @param ruler.ingress.enabled Enable ingress controller resource + ## + enabled: false + ## @param ruler.ingress.hostname Default host for the ingress resource + ## + hostname: thanos-ruler.local + ## @param ruler.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) + ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . + ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ + ## + ingressClassName: "" + ## @param ruler.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md + ## Use this parameter to set the required annotations for cert-manager, see + ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations + ## + ## e.g: + ## annotations: + ## kubernetes.io/ingress.class: nginx + ## cert-manager.io/cluster-issuer: cluster-issuer-name + ## + annotations: {} + ## @param ruler.ingress.extraHosts The list of additional hostnames to be covered with this ingress record. + ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array + ## extraHosts: + ## - name: thanos.local + ## path: / + ## pathType: ImplementationSpecific + ## + extraHosts: [] + ## @param ruler.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. + ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + ## extraTls: + ## - hosts: + ## - thanos.local + ## secretName: thanos.local-tls + ## + extraTls: [] + ## @param ruler.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets + ## key and certificate should start with -----BEGIN CERTIFICATE----- or + ## -----BEGIN RSA PRIVATE KEY----- + ## + ## name should line up with a tlsSecret set further up + ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set + ## + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + ## e.g: + ## - name: thanos.local-tls + ## key: + ## certificate: + ## + secrets: [] + ## @param ruler.ingress.extraRules Additional rules to be covered with this ingress record + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules + ## e.g: + ## extraRules: + ## - host: example.local + ## http: + ## path: / + ## backend: + ## service: + ## name: example-svc + ## port: + ## name: http + ## + extraRules: [] + ## @param ruler.ingress.apiVersion Force Ingress API version (automatically detected if not set) + ## + apiVersion: "" + ## @param ruler.ingress.path Ingress path + ## + path: / + ## @param ruler.ingress.pathType Ingress path type + ## + pathType: ImplementationSpecific +## @section Thanos Receive parameters +receive: + ## @param receive.enabled Enable/disable Thanos Receive component + ## + enabled: false + ## @param receive.mode Mode to run receiver in. Valid options are "standalone" or "dual-mode" + ## ref: https://github.com/thanos-io/thanos/blob/release-0.22/docs/proposals-accepted/202012-receive-split.md + ## Enables running the Thanos Receiver in dual mode. Setting this to "dual-mode" will create a deployment for + ## the stateless thanos distributor. + mode: standalone + ## @param receive.logLevel Thanos Receive log level + ## + logLevel: info + ## @param receive.logFormat Thanos Receive log format + ## + logFormat: logfmt + ## @param receive.tsdbRetention Thanos Receive TSDB retention period + ## + tsdbRetention: 15d + ## @param receive.replicationFactor Thanos Receive replication-factor + ## + replicationFactor: 1 + ## @param receive.config Receive Hashring configuration + ## Note: json formatted string and yaml allowed. + ## e.g: + ## config: + ## - endpoints: + ## - "127.0.0.1:10901" + ## + config: [] + ## @param receive.tsdbPath Thanos Receive path to the time series database + ## + ## e.g.: /var/thanos/receive + tsdbPath: "" + ## @param receive.existingConfigmap Name of existing ConfigMap with Thanos Receive Hashring configuration + ## NOTE: This will override receive.config + ## + existingConfigmap: "" + ## @param receive.replicaLabel Label to treat as a replica indicator along which data is de-duplicated + ## + replicaLabel: replica + ## Thanos Receive parameters + ## ref: https://github.com/thanos-io/thanos/blob/master/docs/components/receive.md#flags + ## + grpc: + ## GRPC server side + ## + server: + ## TLS configuration + ## @param receive.grpc.server.tls.enabled Enable TLS encryption in the GRPC server + ## @param receive.grpc.server.tls.autoGenerated Create self-signed TLS certificates. Currently only supports PEM certificates + ## @param receive.grpc.server.tls.cert TLS Certificate for GRPC server - ignored if existingSecret is provided + ## @param receive.grpc.server.tls.key TLS Key for GRPC server - ignored if existingSecret is provided + ## @param receive.grpc.server.tls.ca TLS CA to verify clients against - ignored if existingSecret is provided + ## @param receive.grpc.server.tls.clientAuthEnabled Enable TLS client verification against provided CA + ## @param receive.grpc.server.tls.existingSecret Existing secret containing your own TLS certificates + ## e.g: + ## existingSecret: + ## name: foo + ## keyMapping: + ## ca-cert: ca.pem + ## tls-cert: cert.pem + ## tls-key: key.pem + ## + tls: + enabled: false + autoGenerated: false + cert: "" + key: "" + ca: "" + clientAuthEnabled: true + existingSecret: {} + ## @param receive.extraEnvVars Extra environment variables for Thanos Receive container + ## e.g: + ## extraEnvVars: + ## - name: FOO + ## value: "bar" + ## + extraEnvVars: [] + ## @param receive.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Receive nodes + ## + extraEnvVarsCM: "" + ## @param receive.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Receive nodes + ## + extraEnvVarsSecret: "" + ## @param receive.extraFlags Extra Flags to passed to Thanos Receive + ## + extraFlags: [] + ## @param receive.command Override default container command (useful when using custom images) + ## + command: [] + ## @param receive.args Override default container args (useful when using custom images) + ## + args: [] + ## @param receive.replicaCount Number of Thanos Receive replicas to deploy + ## + replicaCount: 1 + ## @param receive.revisionHistoryLimit The number of old history to retain to allow rollback + ## + revisionHistoryLimit: 10 + ## @param receive.updateStrategy.type Update strategy type for Thanos Receive replicas + ## + updateStrategy: + type: RollingUpdate + ## @param receive.podManagementPolicy + ## @param receive.podManagementPolicy Statefulset Pod management policy: OrderedReady (default) or Parallel + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies + ## + podManagementPolicy: OrderedReady + ## @param receive.minReadySeconds How many seconds a pod needs to be ready before killing the next, during update + ## + minReadySeconds: 0 + ## @param receive.containerPorts.http HTTP container port + ## @param receive.containerPorts.grpc GRPC container port + ## @param receive.containerPorts.remote remote-write container port + ## + containerPorts: + http: 10902 + grpc: 10901 + remote: 19291 + ## K8s Pod Security Context for Thanos Receive pods + ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## @param receive.podSecurityContext.enabled Enable security context for the Thanos Receive pods + ## @param receive.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy + ## @param receive.podSecurityContext.sysctls Set kernel settings using the sysctl interface + ## @param receive.podSecurityContext.supplementalGroups Set filesystem extra groups + ## @param receive.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Receive pods + ## + podSecurityContext: + enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] + fsGroup: 1001 + ## K8s containers' Security Context for Thanos Receive containers + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param receive.containerSecurityContext.enabled Enabled containers' Security Context + ## @param receive.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container + ## @param receive.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param receive.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup + ## @param receive.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot + ## @param receive.containerSecurityContext.privileged Set container's Security Context privileged + ## @param receive.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem + ## @param receive.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation + ## @param receive.containerSecurityContext.capabilities.drop List of capabilities to be dropped + ## @param receive.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile + ## + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + privileged: false + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" + ## Thanos Receive containers' resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param receive.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if receive.resources is set (receive.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "nano" + ## @param receive.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## Configure extra options for Thanos Receive containers' liveness and readiness probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param receive.livenessProbe.enabled Enable livenessProbe on Thanos Receive containers + ## @param receive.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param receive.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param receive.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param receive.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param receive.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 30 + timeoutSeconds: 30 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 6 + ## @param receive.readinessProbe.enabled Enable readinessProbe on Thanos Receive containers + ## @param receive.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param receive.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param receive.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param receive.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param receive.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: 30 + timeoutSeconds: 30 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 6 + ## @param receive.startupProbe.enabled Enable startupProbe on Thanos Receive containers + ## @param receive.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param receive.startupProbe.periodSeconds Period seconds for startupProbe + ## @param receive.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param receive.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param receive.startupProbe.successThreshold Success threshold for startupProbe + ## + startupProbe: + enabled: false + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 1 + failureThreshold: 15 + successThreshold: 1 + ## @param receive.customLivenessProbe Custom livenessProbe that overrides the default one + ## + customLivenessProbe: {} + ## @param receive.customReadinessProbe Custom readinessProbe that overrides the default one + ## + customReadinessProbe: {} + ## @param receive.customStartupProbe Custom startupProbe that overrides the default one + ## + customStartupProbe: {} + ## @param receive.initContainers Add additional init containers to the Thanos Receive pods + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + ## e.g: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## command: ['sh', '-c', 'echo "hello world"'] + ## + initContainers: [] + ## @param receive.sidecars Extra containers running as sidecars to Thanos Receive pods + ## e.g: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param receive.extraVolumes Extra volumes to add to Thanos Receive + ## + extraVolumes: [] + ## @param receive.extraVolumeMounts Extra volume mounts to add to the receive container + ## + extraVolumeMounts: [] + ## @param receive.podAffinityPreset Thanos Receive pod affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## Allowed values: soft, hard + ## + podAffinityPreset: "" + ## @param receive.podAntiAffinityPreset Thanos Receive pod anti-affinity preset. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Thanos Receive node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param receive.nodeAffinityPreset.type Thanos Receive node affinity preset type. Ignored if `receive.affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param receive.nodeAffinityPreset.key Thanos Receive node label key to match. Ignored if `receive.affinity` is set. + ## e.g: + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param receive.nodeAffinityPreset.values Thanos Receive node label values to match. Ignored if `receive.affinity` is set. + ## e.g: + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param receive.affinity Thanos Receive affinity for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: receive.podAffinityPreset, receive.podAntiAffinityPreset, and receive.nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param receive.nodeSelector Thanos Receive node labels for pod assignment + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ + ## + nodeSelector: {} + ## @param receive.tolerations Thanos Receive tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param receive.statefulsetLabels Thanos Receive statefulset labels + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + statefulsetLabels: {} + ## @param receive.podLabels Thanos Receive pod labels + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + ## @param receive.podAnnotations Annotations for Thanos Receive pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## @param receive.dnsConfig Deployment pod DNS config + ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ + ## E.g. + ## dnsConfig: + ## options: + ## - name: ndots + ## value: "4" + ## - name: single-request-reopen + ## + dnsConfig: {} + ## @param receive.dnsPolicy Deployment pod DNS policy + ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ + ## E.g. + ## dnsPolicy: ClusterFirstWithHostNet + ## + dnsPolicy: "" + ## @param receive.hostAliases Deployment pod host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## @param receive.terminationGracePeriodSeconds for the Thanos Receive containers(s) to extend the grace period + ## + terminationGracePeriodSeconds: "" + ## @param receive.lifecycleHooks for the Thanos Receive container(s) to automate configuration before or after startup + ## + lifecycleHooks: {} + ## @param receive.priorityClassName Thanos Receive priorityClassName + ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ + ## + priorityClassName: "" + ## @param receive.schedulerName Name of the k8s scheduler (other than default) for Thanos Receive pods + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + ## @param receive.topologySpreadConstraints Topology Spread Constraints for Thanos Receive pods assignment spread across your cluster among failure-domains + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods + ## + topologySpreadConstraints: [] + ## Network Policies + ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ + ## + networkPolicy: + ## @param receive.networkPolicy.enabled Specifies whether a NetworkPolicy should be created + ## + enabled: true + ## @param receive.networkPolicy.allowExternal Don't require client label for connections + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the ports the application is listening + ## on. When true, the app will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + ## @param receive.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. + ## + allowExternalEgress: true + ## @param receive.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraIngress: + ## - ports: + ## - port: 1234 + ## from: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + extraIngress: [] + ## @param receive.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy + ## e.g: + ## extraEgress: + ## - ports: + ## - port: 1234 + ## to: + ## - podSelector: + ## - matchLabels: + ## - role: frontend + ## - podSelector: + ## - matchExpressions: + ## - key: role + ## operator: In + ## values: + ## - frontend + ## + extraEgress: [] + ## @param receive.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces + ## @param receive.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces + ## + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} + ## Service parameters + ## + service: + ## @param receive.service.type Kubernetes service type + ## + type: ClusterIP + ## @param receive.service.ports.http Thanos Ruler service HTTP port + ## @param receive.service.ports.grpc Thanos Ruler service GRPC port + ## @param receive.service.ports.remote Thanos Ruler service remote port + ## + ports: + http: 10902 + grpc: 10901 + remote: 19291 + ## @param receive.service.nodePorts.http Specify the Thanos Ruler HTTP nodePort value for the LoadBalancer and NodePort service types + ## @param receive.service.nodePorts.grpc Specify the Thanos Ruler GRPC nodePort value for the LoadBalancer and NodePort service types + ## @param receive.service.nodePorts.remote Specify the Thanos Ruler remote nodePort value for the LoadBalancer and NodePort service types + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + nodePorts: + http: "" + grpc: "" + remote: "" + ## @param receive.service.clusterIP Thanos Ruler service clusterIP IP + ## e.g: + ## clusterIP: None + ## + clusterIP: "" + ## @param receive.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer` + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: "" + ## @param receive.service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param receive.service.externalTrafficPolicy Thanos Ruler service externalTrafficPolicy + ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints + ## + externalTrafficPolicy: Cluster + ## @param receive.service.labels Extra labels for Thanos Receive service + ## + labels: {} + ## @param receive.service.annotations Annotations for Thanos Receive service + ## + annotations: {} + ## @param receive.service.extraPorts Extra ports to expose in the Thanos Receive service + ## + extraPorts: [] + ## @param receive.service.labelSelectorsOverride Selector for Thanos receive service + ## + labelSelectorsOverride: {} + ## @param receive.service.additionalHeadless Additional Headless service + ## + additionalHeadless: false + ## Headless service properties + ## + headless: + ## @param receive.service.headless.annotations Annotations for the headless service. + ## + annotations: {} + ## @param receive.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the sts + ## + automountServiceAccountToken: true + ## ServiceAccount configuration + ## @param receive.serviceAccount.create Specifies whether a ServiceAccount should be created + ## @param receive.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. + ## @param receive.serviceAccount.annotations Annotations for Thanos Receive Service Account + ## @param receive.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token + ## + serviceAccount: + create: true + name: "" + annotations: {} + automountServiceAccountToken: false + ## Thanos Receive Autoscaling configuration + ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ + ## @param receive.autoscaling.enabled Enable autoscaling for Thanos Receive + ## @param receive.autoscaling.minReplicas Minimum number of Thanos Receive replicas + ## @param receive.autoscaling.maxReplicas Maximum number of Thanos Receive replicas + ## @param receive.autoscaling.targetCPU Target CPU utilization percentage + ## @param receive.autoscaling.targetMemory Target Memory utilization percentage + ## + autoscaling: + enabled: false + minReplicas: "" + maxReplicas: "" + targetCPU: "" + targetMemory: "" + ## Thanos Receive Pod Disruption Budget configuration + ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb + ## @param receive.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Receive + ## @param receive.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled + ## @param receive.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable + ## + pdb: + create: true + minAvailable: "" + maxUnavailable: "" + ## Persistence parameters + ## + persistence: + ## @param receive.persistence.enabled Enable data persistence using PVC(s) on Thanos Receive pods + ## + enabled: true + ## @param receive.persistence.storageClass Specify the `storageClass` used to provision the volume + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. + ## + storageClass: "" + ## @param receive.persistence.accessModes PVC Access Modes for data volume + ## + accessModes: + - ReadWriteOnce + ## @param receive.persistence.size PVC Storage Request for data volume + ## + size: 8Gi + ## @param receive.persistence.labels Labels for the PVC + ## + labels: {} + ## @param receive.persistence.annotations Annotations for the PVC + ## + annotations: {} + ## @param receive.persistence.existingClaim Name of an existing PVC to use + ## If defined, PVC must be created manually before volume will be bound + ## + existingClaim: "" + ## Persistent Volume Claim Retention Policy + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention + ## + persistentVolumeClaimRetentionPolicy: + ## @param receive.persistentVolumeClaimRetentionPolicy.enabled Enable Persistent volume retention policy for Thanos Receive Statefulset + ## + enabled: false + ## @param receive.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced + ## + whenScaled: Retain + ## @param receive.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted + ## + whenDeleted: Retain + ## Configure the ingress resource that allows you to access Thanos Receive + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ + ## + ingress: + ## @param receive.ingress.enabled Set to true to enable ingress record generation + ## + enabled: false + ## @param receive.ingress.hostname When the ingress is enabled, a host pointing to this will be created + ## + hostname: thanos-receive.local + ## @param receive.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) + ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . + ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ + ## + ingressClassName: "" + ## @param receive.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md + ## Use this parameter to set the required annotations for cert-manager, see + ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations + ## + ## e.g: + ## annotations: + ## kubernetes.io/ingress.class: nginx + ## cert-manager.io/cluster-issuer: cluster-issuer-name + ## + annotations: {} + ## @param receive.ingress.extraHosts The list of additional hostnames to be covered with this ingress record. + ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array + ## extraHosts: + ## - name: thanos.local + ## path: / + ## pathType: ImplementationSpecific + ## portName: "http" # or "remote" + ## + extraHosts: [] + ## @param receive.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. + ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + ## extraTls: + ## - hosts: + ## - thanos.local + ## secretName: thanos.local-tls + ## + extraTls: [] + ## @param receive.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets + ## key and certificate should start with -----BEGIN CERTIFICATE----- or + ## -----BEGIN RSA PRIVATE KEY----- + ## + ## name should line up with a tlsSecret set further up + ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set + ## + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + ## e.g: + ## - name: thanos.local-tls + ## key: + ## certificate: + ## + secrets: [] + ## @param receive.ingress.extraRules Additional rules to be covered with this ingress record + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules + ## e.g: + ## extraRules: + ## - host: example.local + ## http: + ## path: / + ## backend: + ## service: + ## name: example-svc + ## port: + ## name: http + ## + extraRules: [] + ## @param receive.ingress.tls Enable TLS configuration for the hostname defined at `receive.ingress.hostname` parameter + ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.receive.ingress.hostname }}` + ## You can: + ## - Use the `receive.ingress.secrets` parameter to create this TLS secret + ## - Rely on cert-manager to create it by setting the corresponding annotations + ## - Rely on Helm to create self-signed certificates by setting `receive.ingress.selfSigned=true` + ## + tls: false + ## @param receive.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm + ## + selfSigned: false + ## @param receive.ingress.apiVersion Override API Version (automatically detected if not set) + ## + apiVersion: "" + ## @param receive.ingress.path Ingress Path + ## + path: / + ## @param receive.ingress.pathType Ingress Path type + ## + pathType: ImplementationSpecific +## @section Thanos Receive Distributor parameters +receiveDistributor: + ## @param receiveDistributor.enabled Enable/disable Thanos Receive Distributor component + ## + enabled: false + ## @param receiveDistributor.logLevel Thanos Receive Distributor log level + ## + logLevel: info + ## @param receiveDistributor.logFormat Thanos Receive Distributor log format + ## + logFormat: logfmt + ## @param receiveDistributor.replicaLabel Label to treat as a replica indicator along which data is de-duplicated + ## + replicaLabel: replica + ## @param receiveDistributor.replicationFactor Thanos Receive Distributor replication-factor + ## + replicationFactor: 1 + ## @param receiveDistributor.extraEnvVars Extra environment variables for Thanos Receive Distributor container + ## e.g: + ## extraEnvVars: + ## - name: FOO + ## value: "bar" + ## + extraEnvVars: [] + ## @param receiveDistributor.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Thanos Receive Distributor nodes + ## + extraEnvVarsCM: "" + ## @param receiveDistributor.extraEnvVarsSecret Name of existing Secret containing extra env vars for Thanos Receive Distributor nodes + ## + extraEnvVarsSecret: "" + ## @param receiveDistributor.extraFlags Extra Flags to passed to Thanos Receive Distributor + ## + extraFlags: [] + ## @param receiveDistributor.command Override default container command (useful when using custom images) + ## + command: [] + ## @param receiveDistributor.args Override default container args (useful when using custom images) + ## + args: [] + ## @param receiveDistributor.replicaCount Number of Thanos Receive Distributor replicas to deploy + ## + replicaCount: 1 + ## @param receiveDistributor.revisionHistoryLimit The number of old history to retain to allow rollback + ## + revisionHistoryLimit: 10 + ## @param receiveDistributor.updateStrategy.type Update strategy type for Thanos Receive Distributor replicas + ## + updateStrategy: + type: RollingUpdate + ## K8s Pod Security Context for Thanos Receive Distributor pods + ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## @param receiveDistributor.podSecurityContext.enabled Enable security context for the Thanos Receive Distributor pods + ## @param receiveDistributor.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy + ## @param receiveDistributor.podSecurityContext.sysctls Set kernel settings using the sysctl interface + ## @param receiveDistributor.podSecurityContext.supplementalGroups Set filesystem extra groups + ## @param receiveDistributor.podSecurityContext.fsGroup Group ID for the filesystem used by Thanos Receive Distributor pods + ## + podSecurityContext: + enabled: true + fsGroupChangePolicy: Always + sysctls: [] + supplementalGroups: [] + fsGroup: 1001 + ## K8s containers' Security Context for Thanos Receive Distributor containers + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param receiveDistributor.containerSecurityContext.enabled Enabled containers' Security Context + ## @param receiveDistributor.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container + ## @param receiveDistributor.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param receiveDistributor.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup + ## @param receiveDistributor.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot + ## @param receiveDistributor.containerSecurityContext.privileged Set container's Security Context privileged + ## @param receiveDistributor.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem + ## @param receiveDistributor.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation + ## @param receiveDistributor.containerSecurityContext.capabilities.drop List of capabilities to be dropped + ## @param receiveDistributor.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile + ## + containerSecurityContext: + enabled: true + seLinuxOptions: {} + runAsUser: 1001 + runAsGroup: 1001 + runAsNonRoot: true + privileged: false + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" + ## Thanos Receive Distributor containers' resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## @param receiveDistributor.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if receiveDistributor.resources is set (receiveDistributor.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "nano" + ## @param receiveDistributor.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## Configure extra options for Thanos Receive Distributor containers' liveness and readiness probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param receiveDistributor.livenessProbe.enabled Enable livenessProbe on Thanos Receive Distributor containers + ## @param receiveDistributor.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param receiveDistributor.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param receiveDistributor.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param receiveDistributor.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param receiveDistributor.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 30 + timeoutSeconds: 30 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 6 + ## @param receiveDistributor.readinessProbe.enabled Enable readinessProbe on Thanos Receive Distributor containers + ## @param receiveDistributor.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param receiveDistributor.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param receiveDistributor.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param receiveDistributor.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param receiveDistributor.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: 30 + timeoutSeconds: 30 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 6 + ## @param receiveDistributor.startupProbe.enabled Enable startupProbe on Thanos Receive Distributor containers + ## @param receiveDistributor.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param receiveDistributor.startupProbe.periodSeconds Period seconds for startupProbe + ## @param receiveDistributor.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param receiveDistributor.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param receiveDistributor.startupProbe.successThreshold Success threshold for startupProbe + ## + startupProbe: + enabled: false + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 1 + failureThreshold: 15 + successThreshold: 1 + ## @param receiveDistributor.customLivenessProbe Custom livenessProbe that overrides the default one + ## + customLivenessProbe: {} + ## @param receiveDistributor.customReadinessProbe Custom readinessProbe that overrides the default one + ## + customReadinessProbe: {} + ## @param receiveDistributor.customStartupProbe Custom startupProbe that overrides the default one + ## + customStartupProbe: {} + ## @param receiveDistributor.initContainers Add additional init containers to the Thanos Receive Distributor pods + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + ## e.g: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## command: ['sh', '-c', 'echo "hello world"'] + ## + initContainers: [] + ## @param receiveDistributor.sidecars Extra containers running as sidecars to Thanos Receive Distributor pods + ## e.g: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param receiveDistributor.extraVolumes Extra volumes to add to Thanos Receive Distributor + ## + extraVolumes: [] + ## @param receiveDistributor.extraVolumeMounts Extra volume mounts to add to the receive distributor container + ## + extraVolumeMounts: [] + ## @param receiveDistributor.podAffinityPreset Thanos Receive pod affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## Allowed values: soft, hard + ## + podAffinityPreset: "" + ## @param receiveDistributor.podAntiAffinityPreset Thanos Receive pod anti-affinity preset. Ignored if `receiveDistributor.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Thanos Receive node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param receiveDistributor.nodeAffinityPreset.type Thanos Receive node affinity preset type. Ignored if `receiveDistributor.affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param receiveDistributor.nodeAffinityPreset.key Thanos Receive node label key to match. Ignored if `receiveDistributor.affinity` is set. + ## e.g: + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param receiveDistributor.nodeAffinityPreset.values Thanos Receive node label values to match. Ignored if `receiveDistributor.affinity` is set. + ## e.g: + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param receiveDistributor.affinity Thanos Receive Distributor affinity for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: receiveDistributor.podAffinityPreset, receiveDistributor.podAntiAffinityPreset, and receiveDistributor.nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param receiveDistributor.nodeSelector Thanos Receive Distributor node labels for pod assignment + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ + ## + nodeSelector: {} + ## @param receiveDistributor.tolerations Thanos Receive Distributor tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param receiveDistributor.podLabels Thanos Receive Distributor pod labels + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + ## @param receiveDistributor.podAnnotations Annotations for Thanos Receive Distributor pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + ## @param receiveDistributor.dnsConfig Deployment pod DNS config + ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ + ## E.g. + ## dnsConfig: + ## options: + ## - name: ndots + ## value: "4" + ## - name: single-request-reopen + ## + dnsConfig: {} + ## @param receiveDistributor.dnsPolicy Deployment pod DNS policy + ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ + ## E.g. + ## dnsPolicy: ClusterFirstWithHostNet + ## + dnsPolicy: "" + ## @param receiveDistributor.hostAliases Deployment pod host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## @param receiveDistributor.lifecycleHooks for the Thanos Receive Distributor container(s) to automate configuration before or after startup + ## + lifecycleHooks: {} + ## @param receiveDistributor.priorityClassName Thanos Receive Distributor priorityClassName + ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ + ## + priorityClassName: "" + ## @param receiveDistributor.schedulerName Name of the k8s scheduler (other than default) for Thanos Receive Distributor pods + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + ## @param receiveDistributor.topologySpreadConstraints Topology Spread Constraints for Thanos Receive Distributor pods assignment spread across your cluster among failure-domains + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods + ## + topologySpreadConstraints: [] + ## @param receiveDistributor.automountServiceAccountToken Enable/disable auto mounting of the service account token only for the deployment + ## + automountServiceAccountToken: true + ## ServiceAccount configuration + ## @param receiveDistributor.serviceAccount.create Specifies whether a ServiceAccount should be created + ## @param receiveDistributor.serviceAccount.name Name of the service account to use. If not set and create is true, a name is generated using the fullname template. + ## @param receiveDistributor.serviceAccount.annotations Annotations for Thanos Receive Distributor Service Account + ## @param receiveDistributor.serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token + ## + serviceAccount: + create: true + name: "" + annotations: {} + automountServiceAccountToken: false + ## Thanos Receive Distributor Autoscaling configuration + ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ + ## @param receiveDistributor.autoscaling.enabled Enable autoscaling for Thanos Receive Distributor + ## @param receiveDistributor.autoscaling.minReplicas Minimum number of Thanos Receive Distributor replicas + ## @param receiveDistributor.autoscaling.maxReplicas Maximum number of Thanos Receive Distributor replicas + ## @param receiveDistributor.autoscaling.targetCPU Target CPU utilization percentage + ## @param receiveDistributor.autoscaling.targetMemory Target Memory utilization percentage + ## + autoscaling: + enabled: false + minReplicas: "" + maxReplicas: "" + targetCPU: "" + targetMemory: "" + ## Thanos Receive Distributor Pod Disruption Budget configuration + ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb + ## @param receiveDistributor.pdb.create Enable/disable a Pod Disruption Budget creation for Thanos Receive Distributor + ## @param receiveDistributor.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled + ## @param receiveDistributor.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable + ## + pdb: + create: true + minAvailable: "" + maxUnavailable: "" +## @section Metrics parameters + +## Prometheus metrics +## +metrics: + ## @param metrics.enabled Enable the export of Prometheus metrics + ## + enabled: false + ## Prometheus Operator ServiceMonitor configuration + ## + serviceMonitor: + ## @param metrics.serviceMonitor.enabled Specify if a ServiceMonitor will be deployed for Prometheus Operator + ## + enabled: false + ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running + ## + namespace: "" + ## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor + ## + labels: {} + ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus + ## + jobLabel: "" + ## @param metrics.serviceMonitor.interval How frequently to scrape metrics + ## e.g: + ## interval: 10s + ## + interval: "" + ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended + ## e.g: + ## scrapeTimeout: 10s + ## + scrapeTimeout: "" + ## @param metrics.serviceMonitor.metricRelabelings [array] Specify additional relabeling of metrics + ## + metricRelabelings: [] + ## @param metrics.serviceMonitor.relabelings [array] Specify general relabeling + ## + relabelings: [] + ## @param metrics.serviceMonitor.selector Prometheus instance selector labels + ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration + ## + selector: {} + ## @param metrics.serviceMonitor.extraParameters Any extra parameter to be added to the endpoint configured in the ServiceMonitor + ## (e.g. tlsConfig for further customization of the HTTPS behavior) + ## Note that the 'scheme' is automatically set to 'https' when the 'https.enabled' flag is used in this chart. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.Endpoint + ## + extraParameters: {} + ## PrometheusRule CRD configuration + ## + prometheusRule: + ## @param metrics.prometheusRule.enabled If `true`, creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true`) + ## + enabled: false + ## Configure prometheus rules + ## + default: + ## @extra metrics.prometheusRule.default.absent_rules Enable absent_rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`) + ## @extra metrics.prometheusRule.default.compaction Enable compaction rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`) + ## @extra metrics.prometheusRule.default.query Enable query when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`) + ## @extra metrics.prometheusRule.default.receive Enable receive rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`) + ## @extra metrics.prometheusRule.default.replicate Enable replicate rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`) + ## @extra metrics.prometheusRule.default.ruler Enable ruler rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`) + ## @extra metrics.prometheusRule.default.sidecar Enable sidecar rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`) + ## @param metrics.prometheusRule.default.sidecarJobRegex Allows the customization of the thanos-sidecar job name to use in the sidecar prometheus alerts + sidecarJobRegex: ".*thanos-sidecar.*" + ## @extra metrics.prometheusRule.default.store_gateway Enable store_gateway rules when metrics.prometheusRule.default.create is false (also requires `metrics.enabled` to be `true`) + ## @param metrics.prometheusRule.default.create would create all default prometheus alerts + ## + create: false + ## @extra metrics.prometheusRule.default.disabled.ThanosCompactIsDown Disable ThanosCompactIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true + ## @extra metrics.prometheusRule.default.disabled.ThanosQueryIsDown Disable ThanosQueryIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true + ## @extra metrics.prometheusRule.default.disabled.ThanosReceiveIsDown Disable ThanosReceiveIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true + ## @extra metrics.prometheusRule.default.disabled.ThanosRuleIsDown Disable ThanosRuleIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true + ## @extra metrics.prometheusRule.default.disabled.ThanosSidecarIsDown Disable ThanosSidecarIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true + ## @extra metrics.prometheusRule.default.disabled.ThanosStoreIsDown Disable ThanosStoreIsDown rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.absent_rules is true + ## @extra metrics.prometheusRule.default.disabled.ThanosCompactMultipleRunning Disable ThanosCompactMultipleRunning rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.compaction is true + ## @extra metrics.prometheusRule.default.disabled.ThanosCompactHalted Disable ThanosCompactMultipleRunning rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.compaction is true + ## @extra metrics.prometheusRule.default.disabled.ThanosCompactHighCompactionFailures Disable ThanosCompactMultipleRunning rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.compaction is true + ## @extra metrics.prometheusRule.default.disabled.ThanosCompactBucketHighOperationFailures Disable ThanosCompactMultipleRunning rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.compaction is true + ## @extra metrics.prometheusRule.default.disabled.ThanosCompactHasNotRun Disable ThanosCompactMultipleRunning rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.compaction is true + ## @extra metrics.prometheusRule.default.disabled.ThanosQueryHttpRequestQueryErrorRateHigh Disable ThanosQueryHttpRequestQueryErrorRateHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true + ## @extra metrics.prometheusRule.default.disabled.ThanosQueryHttpRequestQueryRangeErrorRateHigh Disable ThanosQueryHttpRequestQueryRangeErrorRateHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true + ## @extra metrics.prometheusRule.default.disabled.ThanosQueryGrpcServerErrorRate Disable ThanosQueryGrpcServerErrorRate rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true + ## @extra metrics.prometheusRule.default.disabled.ThanosQueryGrpcClientErrorRate Disable ThanosQueryGrpcClientErrorRate rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true + ## @extra metrics.prometheusRule.default.disabled.ThanosQueryHighDNSFailures Disable ThanosQueryHighDNSFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true + ## @extra metrics.prometheusRule.default.disabled.ThanosQueryInstantLatencyHigh Disable ThanosQueryInstantLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true + ## @extra metrics.prometheusRule.default.disabled.ThanosQueryRangeLatencyHigh Disable ThanosQueryRangeLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true + ## @extra metrics.prometheusRule.default.disabled.ThanosQueryOverload Disable ThanosQueryOverload rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.query is true + ## @extra metrics.prometheusRule.default.disabled.ThanosReceiveHttpRequestErrorRateHigh Disable ThanosReceiveHttpRequestErrorRateHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true + ## @extra metrics.prometheusRule.default.disabled.ThanosReceiveHttpRequestLatencyHigh Disable ThanosReceiveHttpRequestLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true + ## @extra metrics.prometheusRule.default.disabled.ThanosReceiveHighReplicationFailures Disable ThanosReceiveHighReplicationFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true + ## @extra metrics.prometheusRule.default.disabled.ThanosReceiveHighForwardRequestFailures Disable ThanosReceiveHighForwardRequestFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true + ## @extra metrics.prometheusRule.default.disabled.ThanosReceiveHighHashringFileRefreshFailures Disable ThanosReceiveHighHashringFileRefreshFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true + ## @extra metrics.prometheusRule.default.disabled.ThanosReceiveConfigReloadFailure Disable ThanosReceiveConfigReloadFailure rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true + ## @extra metrics.prometheusRule.default.disabled.ThanosReceiveNoUpload Disable ThanosReceiveNoUpload rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true + ## @extra metrics.prometheusRule.default.disabled.ThanosReceiveTrafficBelowThreshold Disable ThanosReceiveTrafficBelowThreshold rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true + ## @extra metrics.prometheusRule.default.disabled.ThanosBucketReplicateErrorRate Disable ThanosBucketReplicateErrorRate rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true + ## @extra metrics.prometheusRule.default.disabled.ThanosBucketReplicateRunLatency Disable ThanosBucketReplicateRunLatency rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.receive is true + ## @extra metrics.prometheusRule.default.disabled.ThanosRuleQueueIsDroppingAlerts Disable ThanosRuleQueueIsDroppingAlerts rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true + ## @extra metrics.prometheusRule.default.disabled.ThanosRuleSenderIsFailingAlerts Disable ThanosRuleSenderIsFailingAlerts rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true + ## @extra metrics.prometheusRule.default.disabled.ThanosRuleHighRuleEvaluationFailures Disable ThanosRuleHighRuleEvaluationFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true + ## @extra metrics.prometheusRule.default.disabled.ThanosRuleHighRuleEvaluationWarnings Disable ThanosRuleHighRuleEvaluationWarnings rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true + ## @extra metrics.prometheusRule.default.disabled.ThanosRuleRuleEvaluationLatencyHigh Disable ThanosRuleRuleEvaluationLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true + ## @extra metrics.prometheusRule.default.disabled.ThanosRuleGrpcErrorRate Disable ThanosRuleGrpcErrorRate rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true + ## @extra metrics.prometheusRule.default.disabled.ThanosRuleConfigReloadFailure Disable ThanosRuleConfigReloadFailure rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true + ## @extra metrics.prometheusRule.default.disabled.ThanosRuleQueryHighDNSFailures Disable ThanosRuleQueryHighDNSFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true + ## @extra metrics.prometheusRule.default.disabled.ThanosRuleAlertmanagerHighDNSFailures Disable ThanosRuleAlertmanagerHighDNSFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true + ## @extra metrics.prometheusRule.default.disabled.ThanosRuleNoEvaluationFor10Intervals Disable ThanosRuleNoEvaluationFor10Intervals rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true + ## @extra metrics.prometheusRule.default.disabled.ThanosNoRuleEvaluations Disable ThanosNoRuleEvaluations rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.ruler is true + ## @extra metrics.prometheusRule.default.disabled.ThanosSidecarBucketOperationsFailed Disable ThanosSidecarBucketOperationsFailed rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.sidecar is true + ## @extra metrics.prometheusRule.default.disabled.ThanosSidecarNoConnectionToStartedPrometheus Disable ThanosSidecarNoConnectionToStartedPrometheus rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.sidecar is true + ## @extra metrics.prometheusRule.default.disabled.ThanosStoreGrpcErrorRate Disable ThanosSidecarNoConnectionToStartedPrometheus rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.store_gateway is true + ## @extra metrics.prometheusRule.default.disabled.ThanosStoreSeriesGateLatencyHigh Disable ThanosStoreSeriesGateLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.store_gateway is true + ## @extra metrics.prometheusRule.default.disabled.ThanosStoreBucketHighOperationFailures Disable ThanosStoreBucketHighOperationFailures rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.store_gateway is true + ## @extra metrics.prometheusRule.default.disabled.ThanosStoreObjstoreOperationLatencyHigh Disable ThanosStoreObjstoreOperationLatencyHigh rule when metrics.prometheusRule.default.create or metrics.prometheusRule.default.store_gateway is true + ## @param metrics.prometheusRule.default.disabled disable one specific prometheus alert rule + ## + disabled: {} + ## @param metrics.prometheusRule.runbookUrl Prefix for runbook URLs. Use this to override the first part of the runbookURLs that is common to all rules + ## + runbookUrl: "https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-" + ## @param metrics.prometheusRule.namespace Namespace in which the PrometheusRule CRD is created + ## + namespace: "" + ## @param metrics.prometheusRule.additionalLabels Additional labels for the prometheusRule + ## + additionalLabels: {} + ## @param metrics.prometheusRule.groups Prometheus Rule Groups for Thanos components + ## These are just examples rules, please adapt them to your needs. + ## groups: + ## - name: Compactor + ## rules: + ## - alert: ThanosCompactMultipleRunning + ## annotations: + ## description: No more than one Thanos Compact instance should be running at once. There are {{`{{`}}$value{{`}}`}} instances running. + ## runbook_url: {{ .Values.metrics.prometheusRule.runbookUrl }}thanoscompactmultiplerunning + ## summary: Thanos Compact has multiple instances running. + ## expr: sum by (job) (up{job=~"{{ template "common.names.fullname" . }}-compact.*"}) > 1 + ## for: 5m + ## labels: + ## severity: warning + groups: [] +## @section Volume Permissions parameters + +## 'volumePermissions' init container parameters +## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values +## based on the *podSecurityContext/*containerSecurityContext parameters +## +volumePermissions: + ## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` + ## + enabled: false + ## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry + ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image repository + ## @skip volumePermissions.image.tag Init container volume-permissions image tag + ## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy + ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array + ## + image: + registry: docker.io + repository: bitnami/os-shell + tag: 12-debian-12-r27 + digest: "" + ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] +## @section MinIO® chart parameters +## @extra minio For full list of MinIO® values configurations please refere [here](https://github.com/bitnami/charts/tree/main/bitnami/minio) +minio: + ## @param minio.enabled Enable/disable MinIO® chart installation + ## to be used as an objstore for Thanos + ## + enabled: false + ## MinIO® authentication parameters + ## + auth: + ## @param minio.auth.rootUser MinIO® root username + ## + rootUser: admin + ## @param minio.auth.rootPassword Password for MinIO® root user + ## + rootPassword: "" + ## @param minio.defaultBuckets Comma, semi-colon or space separated list of MinIO® buckets to create + ## + defaultBuckets: "thanos" + ## MinIO® containers' resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param minio.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "micro" + ## @param minio.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} diff --git a/core.yaml b/core.yaml index 0a349f165c..4accb0d71f 100644 --- a/core.yaml +++ b/core.yaml @@ -311,7 +311,6 @@ adminApps: - svc: po-prometheus port: 9090 namespace: monitoring - # namespace: prometheus type: public auth: true - name: sealed-secrets @@ -333,6 +332,15 @@ adminApps: tags: [security] - name: rabbitmq tags: [messaging] + - name: thanos + tags: [metrics, observability] + ownHost: true + ingress: + - svc: thanos-query + port: 9090 + namespace: monitoring + type: public + auth: true teamApps: - name: alertmanager diff --git a/helmfile.d/helmfile-08.init.yaml b/helmfile.d/helmfile-08.init.yaml index 7df5608d85..0dd2d17108 100644 --- a/helmfile.d/helmfile-08.init.yaml +++ b/helmfile.d/helmfile-08.init.yaml @@ -29,7 +29,13 @@ releases: - {{- $a | get "prometheus._rawValues" dict | toYaml | nindent 8 }} - alertmanager: {{- $a | get "alertmanager._rawValues" dict | toYaml | nindent 10 }} - grafana: {{- $a | get "grafana._rawValues" dict | toYaml | nindent 10 }} - <<: *upgrade + <<: *upgrade + - name: thanos + installed: {{ $a | get "thanos.enabled" }} + namespace: monitoring + labels: + pkg: thanos + <<: *default - name: kured installed: {{ $a | get "kured.enabled" }} namespace: kube-system diff --git a/helmfile.d/helmfile-60.teams.yaml b/helmfile.d/helmfile-60.teams.yaml index 483bf1f043..234b73b6f1 100644 --- a/helmfile.d/helmfile-60.teams.yaml +++ b/helmfile.d/helmfile-60.teams.yaml @@ -28,7 +28,6 @@ releases: {{- $alertmanagerDomain := printf "alertmanager.%s" $domain }} {{- $prometheusDomain := printf "prometheus-%s.%s" $teamId $domain }} {{- $grafanaDomain := printf "grafana-%s.%s" $teamId $domain }} - {{- $azure := $team | get "azure" dict }} - name: tekton-dashboard-{{ $teamId }} installed: true namespace: team-{{ $teamId }} @@ -40,7 +39,7 @@ releases: values: - ../values/tekton-dashboard/tekton-dashboard-teams.gotmpl - name: prometheus-{{ $teamId }} - installed: {{ or ($team | get "managedMonitoring.grafana" false) ($team | get "managedMonitoring.prometheus" false) ($team | get "managedMonitoring.alertmanager" false) }} + installed: {{ or ($team | get "managedMonitoring.grafana" false) ($team | get "managedMonitoring.alertmanager" false) }} namespace: team-{{ $teamId }} chart: ../charts/kube-prometheus-stack labels: @@ -61,47 +60,11 @@ releases: annotations: sidecar.istio.io/inject: "true" labels: - prometheus: team-{{ $teamId }} + prometheus: system # to do: load slackTpl and opsgenieTpl only if alerts.receicers = true - config: {{- tpl (readFile "../helmfile.d/snippets/alertmanager.gotmpl") (dict "instance" $team "root" $v "slackTpl" $slackTpl "opsgenieTpl" $opsgenieTpl) | nindent 12 }} - defaultRules: - appNamespacesTarget: team-{{ $teamId }} - rules: - general: {{ $team | get "managedMonitoring.prometheus" false }} - commonLabels: - prometheus: team-{{ $teamId }} + config: {{- tpl (readFile "../helmfile.d/snippets/alertmanager-teams.gotmpl") (dict "instance" $team "root" $v "slackTpl" $slackTpl "opsgenieTpl" $opsgenieTpl) | nindent 12 }} prometheus: - enabled: {{ $team | get "managedMonitoring.prometheus" false }} - namespaceOverride: null # team-{{ $teamId }} - prometheusSpec: - podMetadata: - annotations: - traffic.sidecar.istio.io/excludeOutboundPorts: "9093" - labels: - otomi.io/app: prometheus-team-{{ $teamId }} - externalLabels: - cluster: "prometheus-{{ $teamId }}.{{ $domain }}" - externalUrl: "https://prometheus-{{ $teamId }}.{{ $domain }}" - {{- range $selType := list "podMonitor" "probe" "rule" "serviceMonitor" }} - {{ $selType }}NamespaceSelector: - matchExpressions: - - key: name - operator: In - values: - - team-{{ $teamId }} - {{ $selType }}Selector: - matchLabels: - prometheus: team-{{ $teamId }} - {{- end }} - {{- if gt (len .services) 0 }} - additionalScrapeConfigs: - {{- tpl (readFile "../helmfile.d/snippets/blackbox-targets.gotmpl") (dict "teamId" $teamId "namespace" (printf "team-%s" $teamId) "services" $teamServices "domain" $domain) | nindent 12 }} - {{- end }} - {{- if $team | get "managedMonitoring.prometheus" false }} - additionalPrometheusRules: - - name: blackbox - {{- readFile "../values/prometheus-operator/rules/blackbox.yaml" | nindent 12 }} - {{- end }} + enabled: false grafana: enabled: {{ $team | get "managedMonitoring.grafana" false }} namespaceOverride: null # team-{{ $teamId }} @@ -114,21 +77,37 @@ releases: root_url: https://grafana-{{ $teamId }}.{{ $domain }} sidecar: datasources: - defaultDatasourceEnabled: {{ $team | get "managedMonitoring.prometheus" false }} - uid: Prometheus-team + isDefaultDatasource: false dashboards: enabled: true label: release labelValue: grafana-dashboards-{{ $teamId }} additionalDataSources: - - name: Prometheus-platform + {{- if not $v.apps.thanos.enabled }} + - name: Prometheus Platform editable: false uid: prometheus-platform + isDefault: true type: prometheus access: proxy url: http://po-prometheus.monitoring:9090 jsonData: httpMethod: GET + {{- end }} + {{- if $v.apps.thanos.enabled }} + - name: Thanos Query + access: proxy + isDefault: true + basicAuth: false + editable: false + orgId: 1 + type: prometheus + url: http://thanos-query.monitoring:9090 + jsonData: + prometheusType: Thanos + timeInterval: "60s" + {{- end }} + {{- if $v.apps.loki.enabled }} - name: Loki editable: false uid: loki @@ -139,6 +118,8 @@ releases: basicAuthUser: {{ $teamId }} secureJsonData: basicAuthPassword: {{ $team.password }} + {{- end }} + {{- if $v.apps.tempo.enabled }} jsonData: derivedFields: - datasourceName: Tempo @@ -184,9 +165,10 @@ releases: tag: 'http.path' lokiSearch: datasourceUid: 'loki' + {{- end }} {{- if has "msteams" ($team | get "alerts.receivers" list) }} - name: prometheus-msteams-{{ $teamId }} - installed: {{ $team | get "managedMonitoring.prometheus" false }} + installed: true namespace: team-{{ $teamId }} chart: ../charts/prometheus-msteams labels: @@ -221,13 +203,9 @@ releases: {{- if $v.apps.falco.enabled }} - falco-teams {{- end }} - {{- if and (eq $v.cluster.provider "azure") ($team | get "azureMonitor" ($v | get "azure.monitor" nil)) }} - - azure - {{- end }} {{- if $v.apps.trivy.enabled }} - trivy-teams {{- end }} - - name: team-ns-{{ $teamId }} installed: true namespace: team-{{ $teamId }} @@ -245,6 +223,7 @@ releases: domain: {{ $domain }} ingress: {{- $v.ingress | toYaml | nindent 10 }} dns: {{- $v.dns | toYaml | nindent 10 }} + obj: {{- $v.obj | toYaml | nindent 10 }} - {{- omit $team "apps" | toYaml | nindent 8 }} teamId: {{ $teamId }} teamIds: {{- toYaml (keys $v.teamConfig) | nindent 10 }} diff --git a/helmfile.d/snippets/alertmanager-platform.gotmpl b/helmfile.d/snippets/alertmanager-platform.gotmpl new file mode 100644 index 0000000000..3aacdd174f --- /dev/null +++ b/helmfile.d/snippets/alertmanager-platform.gotmpl @@ -0,0 +1,102 @@ +{{- $receivers := .instance | get "alerts.receivers" (.root | get "alerts.receivers" (list "slack")) }} +{{- $suffix := (true | ternary "" ".monitoring.svc.cluster.local") }} +global: +{{- if (has "slack" $receivers ) }} + slack_api_url: {{ .instance | get "alerts.slack.url" (.root | get "alerts.slack.url" (.root | get "home.slack.url" nil)) }} +{{- end }} +{{- if (has "opsgenie" $receivers ) }} + opsgenie_api_key: {{ .instance | get "alerts.opsgenie.apiKey" (.root | get "alerts.opsgenie.apiKey") }} + opsgenie_api_url: {{ .instance | get "alerts.opsgenie.url" (.root | get "alerts.opsgenie.url") }} +{{- end }} +{{- if or (has "email" $receivers) }} + smtp_smarthost: {{ .root | get "smtp.smarthost" }} + smtp_hello: {{ .root | get "smtp.hello" .root.cluster.domainSuffix }} + smtp_from: {{ .root | get "smtp.from" (print "alerts@" .root.cluster.domainSuffix) }} + smtp_auth_username: {{ .root | get "smtp.auth_username" nil }} + smtp_auth_password: {{ .root | get "smtp.auth_password" nil }} + smtp_auth_secret: {{ .root | get "smtp.auth_secret" nil }} + smtp_auth_identity: {{ .root | get "smtp.auth_identity" nil }} +{{- end }} +route: + receiver: "null" + group_by: [alertname] + group_interval: {{ .instance | get "alerts.groupInterval" (.root | get "alerts.groupInterval" "5m") }} + repeat_interval: {{ .instance | get "alerts.repeatInterval" (.root | get "alerts.repeatInterval" "3h") }} + routes: + - match: + alertname: Watchdog + receiver: "null" + - match: + alertname: CPUThrottlingHigh + {{- if (has "none" $receivers ) }} + receiver: "null" + {{- else }} + receiver: default + {{- end }} + - match: + severity: critical + {{- if (has "none" $receivers) }} + receiver: "null" + {{- else }} + receiver: critical + {{- end }} +receivers: + - name: "null" +{{- if not (has "none" $receivers ) }} + - name: default + {{- if has "slack" $receivers }} + slack_configs: + - channel: "#{{ .instance | get "alerts.slack.channel" (.root | get "alerts.slack.channel" "mon-otomi") }}" + send_resolved: true + {{- .slackTpl | nindent 8 }} + {{- end }} + {{- if has "opsgenie" $receivers }} + opsgenie_configs: + - priority: "P2" + send_resolved: true + responders: {{- .instance | get "alerts.opsgenie.responders" (.root | get "alerts.opsgenie.responders" nil) | toYaml | nindent 10 }} + {{- .opsgenieTpl | nindent 8 }} + {{- end }} + {{- if has "msteams" $receivers }} + webhook_configs: + - url: "http://prometheus-msteams{{ $suffix }}:2000/low_priority_channel" + send_resolved: true + {{- end }} + {{- if has "email" $receivers }} + {{- $nonCriticalTo := .instance | get "alerts.email.nonCritical" (.root | get "alerts.email.nonCritical") }} + {{- if $nonCriticalTo }} + email_configs: + - to: {{ $nonCriticalTo }} + send_resolved: true + {{- end }} + {{- end }} +{{- end }} + +{{- if not (has "none" $receivers ) }} + - name: critical + {{- if has "slack" $receivers }} + slack_configs: + - channel: "#{{ .instance | get "alerts.slack.channelCrit" (.root | get "alerts.slack.channelCrit" "mon-otomi-crit") }}" + {{- .slackTpl | nindent 8 }} + {{- end }} + {{- if has "opsgenie" $receivers }} + opsgenie_configs: + - priority: "P1" + send_resolved: true + responders: {{- .instance | get "alerts.opsgenie.responders" (.root | get "alerts.opsgenie.responders" nil) | toYaml | nindent 10 }} + {{- .opsgenieTpl | nindent 8 }} + {{- end }} + {{- if has "msteams" $receivers }} + webhook_configs: + - url: "http://prometheus-msteams{{ $suffix }}:800/high_priority_channel" + send_resolved: true + {{- end }} + {{- if has "email" $receivers }} + {{- $criticalTo := .instance | get "alerts.email.critical" (.root | get "alerts.email.critical" nil) }} + {{- if $criticalTo }} + email_configs: + - to: {{ $criticalTo }} + send_resolved: true + {{- end }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/helmfile.d/snippets/alertmanager.gotmpl b/helmfile.d/snippets/alertmanager-teams.gotmpl similarity index 89% rename from helmfile.d/snippets/alertmanager.gotmpl rename to helmfile.d/snippets/alertmanager-teams.gotmpl index b59191f207..b7426fe80e 100644 --- a/helmfile.d/snippets/alertmanager.gotmpl +++ b/helmfile.d/snippets/alertmanager-teams.gotmpl @@ -1,12 +1,13 @@ {{- $receivers := .instance | get "alerts.receivers" (.root | get "alerts.receivers" (list "slack")) }} +{{- $team := .instance | get "managedMonitoring" }} {{- $suffix := (true | ternary "" ".monitoring.svc.cluster.local") }} global: {{- if (has "slack" $receivers ) }} slack_api_url: {{ .instance | get "alerts.slack.url" (.root | get "alerts.slack.url" (.root | get "home.slack.url" nil)) }} {{- end }} {{- if (has "opsgenie" $receivers ) }} - opsgenie_api_key: {{ .instance | get "alerts.opsgenie.apiKey" (.root | get "alerts.opsgenie.apiKey" (.root | get "home.opsgenie.apiKey" nil)) }} - opsgenie_api_url: {{ .instance | get "alerts.opsgenie.url" (.root | get "alerts.opsgenie.url" (.root | get "home.opsgenie.url" nil)) }} + opsgenie_api_key: {{ .instance | get "alerts.opsgenie.apiKey" (.root | get "alerts.opsgenie.apiKey") }} + opsgenie_api_url: {{ .instance | get "alerts.opsgenie.url" (.root | get "alerts.opsgenie.url") }} {{- end }} {{- if or (has "email" $receivers) }} smtp_smarthost: {{ .root | get "smtp.smarthost" }} @@ -23,27 +24,21 @@ route: group_interval: {{ .instance | get "alerts.groupInterval" (.root | get "alerts.groupInterval" "5m") }} repeat_interval: {{ .instance | get "alerts.repeatInterval" (.root | get "alerts.repeatInterval" "3h") }} routes: - - match: + - matchers: alertname: Watchdog + namespace: "team-{{ .instance | get "id" }}" receiver: "null" - - match: + - matchers: alertname: CPUThrottlingHigh + namespace: "team-{{ .instance | get "id" }}" {{- if (has "none" $receivers ) }} receiver: "null" {{- else }} receiver: default {{- end }} - {{- if eq .root.cluster.provider "azure" }} - - match: - alertname: KubeAPILatencyHigh - {{- if (has "none" $receivers ) }} - receiver: "null" - {{- else }} - receiver: default - {{- end }} - {{- end }} - - match: + - matchers: severity: critical + namespace: "team-{{ .instance | get "id" }}" {{- if (has "none" $receivers ) }} receiver: "null" {{- else }} diff --git a/helmfile.d/snippets/defaults.yaml b/helmfile.d/snippets/defaults.yaml index 6117fac9b5..416301fe26 100644 --- a/helmfile.d/snippets/defaults.yaml +++ b/helmfile.d/snippets/defaults.yaml @@ -843,6 +843,42 @@ environments: targetCPUUtilizationPercentage: 80 targetMemoryUtilizationPercentage: 80 _rawValues: {} + thanos: + enabled: false + query: + replicaCount: 1 + compactor: + retentionResolutionRaw: 30d + retentionResolution5m: 30d + retentionResolution1h: 10y + persistence: + compactor: + size: 10Gi + storegateway: + size: 10Gi + resources: + query: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: "1" + memory: 1Gi + compactor: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: "1" + memory: 1Gi + storegateway: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: "1" + memory: 1Gi + _rawValues: {} rabbitmq: enabled: false resources: diff --git a/helmfile.d/snippets/derived.gotmpl b/helmfile.d/snippets/derived.gotmpl index a5547e1805..eec948d023 100644 --- a/helmfile.d/snippets/derived.gotmpl +++ b/helmfile.d/snippets/derived.gotmpl @@ -188,7 +188,7 @@ environments: istio: enabled: true metrics-server: - enabled: {{ $a | get "metrics-server.enabled" (has $provider (list "custom" "aws" "digitalocean" "linode")) }} + enabled: true minio: enabled: {{ eq $obj.type "minioLocal" }} prometheus-msteams: diff --git a/tests/fixtures/env/apps/prometheus.yaml b/tests/fixtures/env/apps/prometheus.yaml index 9dd8d35f28..e771bebe8b 100644 --- a/tests/fixtures/env/apps/prometheus.yaml +++ b/tests/fixtures/env/apps/prometheus.yaml @@ -1,6 +1,6 @@ apps: prometheus: - enabled: false + enabled: true disabledRules: - InfoInhibitor - PrometheusOperatorListErrors diff --git a/tests/fixtures/env/apps/tempo.yaml b/tests/fixtures/env/apps/tempo.yaml index acbbdd58fa..de03cfcd78 100644 --- a/tests/fixtures/env/apps/tempo.yaml +++ b/tests/fixtures/env/apps/tempo.yaml @@ -76,7 +76,6 @@ apps: limits: cpu: 900m memory: 512Mi - persistence: ingester: size: 10Gi diff --git a/tests/fixtures/env/apps/thanos.yaml b/tests/fixtures/env/apps/thanos.yaml new file mode 100644 index 0000000000..1bbd230d61 --- /dev/null +++ b/tests/fixtures/env/apps/thanos.yaml @@ -0,0 +1,36 @@ +apps: + thanos: + enabled: true + query: + replicaCount: 1 + compactor: + retentionResolutionRaw: 30d + retentionResolution5m: 30d + retentionResolution1h: 10y + persistence: + compactor: + size: 10Gi + storegateway: + size: 10Gi + resources: + query: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 900m + memory: 512Mi + compactor: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 900m + memory: 512Mi + storegateway: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 900m + memory: 512Mi diff --git a/tests/fixtures/env/settings.yaml b/tests/fixtures/env/settings.yaml index b56ca4ad91..1ddd09432f 100644 --- a/tests/fixtures/env/settings.yaml +++ b/tests/fixtures/env/settings.yaml @@ -52,6 +52,7 @@ obj: loki: my-clusterid-loki tempo: my-clusterid-tempo velero: my-clusterid-velero + thanos: my-clusterid-thanos type: linode oidc: adminGroupID: someAdminGroupID diff --git a/tests/fixtures/env/teams.yaml b/tests/fixtures/env/teams.yaml index 9d91524ee1..57a0146ee0 100644 --- a/tests/fixtures/env/teams.yaml +++ b/tests/fixtures/env/teams.yaml @@ -4,7 +4,6 @@ teamConfig: managedMonitoring: alertmanager: true grafana: true - prometheus: true selfService: access: - shell @@ -24,7 +23,6 @@ teamConfig: managedMonitoring: alertmanager: true grafana: true - prometheus: true networkPolicy: egressPublic: true ingressPrivate: false @@ -48,7 +46,6 @@ teamConfig: managedMonitoring: alertmanager: true grafana: true - prometheus: true selfService: access: - shell diff --git a/values-schema.yaml b/values-schema.yaml index b00983a509..aa92949f2a 100644 --- a/values-schema.yaml +++ b/values-schema.yaml @@ -708,6 +708,7 @@ definitions: enum: - custom - linode + - apl default: linode redisChart: properties: @@ -1146,9 +1147,6 @@ definitions: grafana: type: boolean default: true - prometheus: - type: boolean - default: false alertmanager: type: boolean default: false @@ -2069,6 +2067,52 @@ properties: properties: dashboard: $ref: '#/definitions/resources' + thanos: + properties: + _rawValues: + $ref: '#/definitions/rawValues' + enabled: + type: boolean + default: false + query: + properties: + replicaCount: + description: Number of Thanos Query replicas. + type: integer + default: 1 + compactor: + description: Resolution and Retention flags. + properties: + retentionResolutionRaw: + type: string + default: 30d + retentionResolution5m: + type: string + default: 30d + retentionResolution1h: + type: string + default: 10y + resources: + additionalProperties: false + properties: + query: + $ref: '#/definitions/resources' + storegateway: + $ref: '#/definitions/resources' + compactor: + $ref: '#/definitions/resources' + persistence: + properties: + storegateway: + properties: + size: + $ref: '#/definitions/size' + default: 10Gi + compactor: + properties: + size: + $ref: '#/definitions/size' + default: 10Gi loki: additionalProperties: false properties: @@ -2973,6 +3017,10 @@ properties: type: string $ref: '#/definitions/wordCharacterPattern' default: tempo + thanos: + type: string + $ref: '#/definitions/wordCharacterPattern' + default: thanos required: - region - accessKeyId diff --git a/values/grafana-dashboards/grafana-dashboards.gotmpl b/values/grafana-dashboards/grafana-dashboards.gotmpl index 7d8ca91ac5..2386cd0c8b 100644 --- a/values/grafana-dashboards/grafana-dashboards.gotmpl +++ b/values/grafana-dashboards/grafana-dashboards.gotmpl @@ -3,18 +3,13 @@ folders: - k8s-admin - istio-admin - cloudnative-pg + - argo {{- if $v.apps.falco.enabled }} - falco {{- end }} {{- if $v.apps.loki.enabled }} - loki {{- end }} - {{- if and (eq $v.cluster.provider "azure") ($v | get "azure.monitor" nil) }} - - azure - {{- end }} - {{- if $v.apps.argocd.enabled }} - - argo - {{- end }} {{- if $v.apps.velero.enabled }} - velero {{- end }} @@ -27,3 +22,6 @@ folders: {{- if $v.apps.tempo.enabled }} - tempo {{- end }} + {{- if $v.apps.thanos.enabled }} + - thanos + {{- end }} diff --git a/values/minio/minio.gotmpl b/values/minio/minio.gotmpl index 066540b406..87a3fc5c4b 100644 --- a/values/minio/minio.gotmpl +++ b/values/minio/minio.gotmpl @@ -68,6 +68,7 @@ provisioning: - name: harbor - name: tempo - name: cnpg + - name: thanos policies: - name: otomi-apps statements: @@ -84,6 +85,7 @@ provisioning: - arn:aws:s3:::harbor - arn:aws:s3:::tempo - arn:aws:s3:::cnpg + - arn:aws:s3:::thanos - effect: Allow principal: AWS: @@ -96,6 +98,7 @@ provisioning: - arn:aws:s3:::harbor - arn:aws:s3:::tempo - arn:aws:s3:::cnpg + - arn:aws:s3:::thanos condition: StringEquals: s3:prefix: @@ -116,3 +119,4 @@ provisioning: - arn:aws:s3:::harbor/** - arn:aws:s3:::tempo/** - arn:aws:s3:::cnpg/** + - arn:aws:s3:::thanos/** diff --git a/values/prometheus-operator/prometheus-operator-raw.gotmpl b/values/prometheus-operator/prometheus-operator-raw.gotmpl index a4fd96c466..85ae0b1b8e 100644 --- a/values/prometheus-operator/prometheus-operator-raw.gotmpl +++ b/values/prometheus-operator/prometheus-operator-raw.gotmpl @@ -1,7 +1,10 @@ {{- $v := .Values }} {{- $p := $v.apps | get "prometheus" }} -{{- if $p | get "remoteWrite.rwConfig.basicAuth.enabled" false }} +{{- $t := $v.apps | get "thanos" }} +{{- $obj := $v.obj.provider }} +{{- if or ($p | get "remoteWrite.rwConfig.basicAuth.enabled" false) ($t | get "enabled" false) }} resources: + {{- if $p | get "remoteWrite.rwConfig.basicAuth.enabled" false }} - apiVersion: v1 kind: Secret metadata: @@ -11,4 +14,20 @@ resources: data: username: {{ $p.remoteWrite.rwConfig.basicAuth.username | b64enc }} password: {{ $p.remoteWrite.rwConfig.basicAuth.password | b64enc }} + {{- end }} + {{- if $t | get "enabled" false }} + - apiVersion: v1 + kind: Secret + metadata: + labels: + app: prometheus + name: thanos-objectstore + data: + {{- if eq $obj.type "minioLocal" }} + objstore.yml: {{ tpl (readFile "thanos-minio-config.gotmpl") (dict "adminPassword" $v.otomi.adminPassword) | b64enc }} + {{- end }} + {{- if eq $obj.type "linode" }} + objstore.yml: {{ tpl (readFile "thanos-linode-config.gotmpl") (dict "accessKeyId" $obj.linode.accessKeyId "secretAccessKey" $obj.linode.secretAccessKey "region" $obj.linode.region "bucket" $obj.linode.buckets.thanos) | b64enc }} + {{- end }} + {{- end }} {{- end }} \ No newline at end of file diff --git a/values/prometheus-operator/prometheus-operator-team.gotmpl b/values/prometheus-operator/prometheus-operator-team.gotmpl index e965d504bb..8282a60566 100644 --- a/values/prometheus-operator/prometheus-operator-team.gotmpl +++ b/values/prometheus-operator/prometheus-operator-team.gotmpl @@ -19,52 +19,6 @@ nodeExporter: prometheusOperator: enabled: false -defaultRules: - create: true - rules: - alertmanager: false - configReloaders: false - etcd: false - general: true - k8s: false - kubeApiserver: false - kubeApiserverAvailability: false - kubeApiserverBurnrate: true - kubeApiserverHistogram: false - kubeApiserverSlos: false - kubelet: false - kubePrometheusGeneral: false - kubePrometheusNodeRecording: false - kubeProxy: false - kubernetesApps: false - kubernetesResources: false - kubernetesStorage: false - kubernetesSystem: false - kubeScheduler: false - kubeStateMetrics: false - network: false - node: false - nodeExporterAlerting: false - nodeExporterRecording: false - prometheus: false - prometheusOperator: false - -prometheus: - serviceMonitor: - selfMonitor: false - additionalServiceMonitors: null - prometheusSpec: - enableAdminAPI: false - replicas: 1 - remoteWrite: null - resources: - limits: - cpu: '1' - memory: 4Gi - requests: - cpu: 100m - memory: 128Mi -additionalPrometheusRules: null grafana: serviceMonitor: enabled: false @@ -85,7 +39,6 @@ grafana: requests: cpu: 50m memory: 50Mi - alertmanager: serviceMonitor: selfMonitor: false diff --git a/values/prometheus-operator/prometheus-operator.gotmpl b/values/prometheus-operator/prometheus-operator.gotmpl index 49498960d4..70b3db13a1 100644 --- a/values/prometheus-operator/prometheus-operator.gotmpl +++ b/values/prometheus-operator/prometheus-operator.gotmpl @@ -5,6 +5,7 @@ {{- $a := $v.apps | get "alertmanager" }} {{- $g := $v.apps | get "grafana" }} {{- $p := $v.apps | get "prometheus" }} +{{- $t := $v.apps | get "thanos" }} {{- $hasKeycloak := $k.enabled }} {{- $domain := ($v.cluster | get "domainSuffix" nil) }} {{- $alertmanagerDomain := printf "alertmanager.%s" $domain }} @@ -52,6 +53,10 @@ commonLabels: prometheus: system prometheus: enabled: {{ $p.enabled }} + thanosService: + enabled: {{ $t.enabled }} + thanosServiceMonitor: + enabled: {{ $t.enabled }} prometheusSpec: {{- range $selType := list "podMonitor" "probe" "rule" "serviceMonitor" }} {{ $selType }}Selector: @@ -72,7 +77,7 @@ prometheus: resources: {{- $p.resources.prometheus | toYaml | nindent 6 }} priorityClassName: otomi-critical externalLabels: - cluster: "{{ $v.cluster.domainSuffix }}" + cluster: "prometheus-platform.{{ $v.cluster.domainSuffix }}" retention: {{ $p | get "retention" "1d" }} retentionSize: {{ $p | get "retentionSize" }} storageSpec: @@ -86,7 +91,7 @@ prometheus: {{- if $c.tempo.enabled }} enableRemoteWriteReceiver: true {{- end }} -{{- if and (not $v.otomi.isMultitenant) $hasServices }} +{{- if $hasServices }} additionalScrapeConfigs: {{- range $teamId, $team := $v.teamConfig }} {{- $teamServices := ($team | get "services" list) }} @@ -122,17 +127,9 @@ prometheus: {{- range $m := (tpl (readFile "service-monitors.gotmpl") $v | fromYaml) | get "additionalServiceMonitors" }} - {{- toYaml $m | nindent 6 }} {{- end }} -{{ if or (not $v.otomi.isMultitenant) (eq $v.cluster.provider "aws") }} additionalPrometheusRules: - {{- if not $v.otomi.isMultitenant }} - name: blackbox {{- readFile "rules/blackbox.yaml" | nindent 4 }} - {{- end }} - {{- if eq $v.cluster.provider "aws" }} - - name: cluster-autoscaler - {{- readFile "rules/cluster-autoscaler.yaml" | nindent 4 }} - {{- end }} -{{- end }} alertmanager: enabled: {{ $a.enabled }} alertmanagerSpec: @@ -149,7 +146,7 @@ alertmanager: priorityClassName: otomi-critical resources: {{- $a.resources | toYaml | nindent 6 }} externalUrl: https://{{ $alertmanagerDomain }} - config: {{- tpl (readFile "../../helmfile.d/snippets/alertmanager.gotmpl") (dict "instance" $v "root" $v "slackTpl" $slackTpl "opsgenieTpl" $opsgenieTpl) | nindent 4 }} + config: {{- tpl (readFile "../../helmfile.d/snippets/alertmanager-platform.gotmpl") (dict "instance" $v "root" $v "slackTpl" $slackTpl "opsgenieTpl" $opsgenieTpl) | nindent 4 }} grafana: enabled: {{ $g.enabled }} defaultDashboardsEnabled: false @@ -183,6 +180,10 @@ grafana: enabled: true label: release labelValue: grafana-dashboards + {{- if $t.enabled }} + datasources: + isDefaultDatasource: false + {{- end }} serviceMonitor: enabled: {{ $p.enabled }} labels: @@ -205,7 +206,20 @@ grafana: basicAuthUser: otomi-admin secureJsonData: basicAuthPassword: {{ $v.apps.loki.adminPassword }} - + {{- end }} + {{- if $t.enabled }} + - name: Thanos Query + access: proxy + isDefault: true + basicAuth: false + editable: false + orgId: 1 + type: prometheus + url: http://thanos-query.monitoring:9090 + jsonData: + prometheusType: Thanos + timeInterval: "60s" + {{- end }} {{- if $c.tempo.enabled }} jsonData: derivedFields: @@ -218,7 +232,7 @@ grafana: type: tempo uid: tempo access: proxy - editable: true + editable: false url: http://tempo-query-frontend.tempo:3100 jsonData: tracesToLogsV2: @@ -254,7 +268,6 @@ grafana: lokiSearch: datasourceUid: 'loki' {{- end }} - {{- end }} adminPassword: {{ $g | get "adminPassword" $v.otomi.adminPassword }} grafana.ini: {{- $grafanaIni | nindent 4 }} server: diff --git a/values/prometheus-operator/rules/cluster-autoscaler.yaml b/values/prometheus-operator/rules/cluster-autoscaler.yaml deleted file mode 100644 index c86f5abaf0..0000000000 --- a/values/prometheus-operator/rules/cluster-autoscaler.yaml +++ /dev/null @@ -1,19 +0,0 @@ -groups: - - name: cluster-autoscaler.rules - rules: - - alert: ClusterAutoScalerScaleUp - expr: cluster_autoscaler_scaled_up_nodes_total > 0 - for: 1m - labels: - severity: warning - annotations: - description: Scaling up {{ $value }} node(s) - summary: Kube Cluster Autoscaler is scaling up - - alert: ClusterAutoScalerScaleDown - expr: cluster_autoscaler_scaled_down_nodes_total > 0 - for: 1m - labels: - severity: warning - annotations: - description: Scaling down {{ $value }} node(s) - summary: Kube Cluster Autoscaler is scaling down diff --git a/values/prometheus-operator/thanos-linode-config.gotmpl b/values/prometheus-operator/thanos-linode-config.gotmpl new file mode 100644 index 0000000000..e133ad0923 --- /dev/null +++ b/values/prometheus-operator/thanos-linode-config.gotmpl @@ -0,0 +1,8 @@ +type: s3 +config: + endpoint: {{ .region }}.linodeobjects.com + bucket: {{ .bucket }} + access_key: {{ .accessKeyId }} + secret_key: {{ .secretAccessKey }} + insecure: false + signature_version2: false \ No newline at end of file diff --git a/values/prometheus-operator/thanos-minio-config.gotmpl b/values/prometheus-operator/thanos-minio-config.gotmpl new file mode 100644 index 0000000000..08107f8600 --- /dev/null +++ b/values/prometheus-operator/thanos-minio-config.gotmpl @@ -0,0 +1,7 @@ +type: s3 +config: + endpoint: minio.minio.svc.cluster.local:9000 + bucket: thanos + access_key: otomi-admin + secret_key: {{ .adminPassword }} + insecure: true \ No newline at end of file diff --git a/values/tempo/tempo.gotmpl b/values/tempo/tempo.gotmpl index 943ac0f66a..59a512a0e6 100644 --- a/values/tempo/tempo.gotmpl +++ b/values/tempo/tempo.gotmpl @@ -58,19 +58,6 @@ queryFrontend: memcached: resources: {{- $t.resources.memcached | toYaml | nindent 4 }} -metricsGenerator: - enabled: true - resources: {{- $t.resources.metricsGenerator | toYaml | nindent 4 }} - config: - storage: - path: /var/tempo/wal - wal: - remote_write_flush_deadline: 1m - # -- A list of remote write endpoints. - # -- https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_write - remote_write: - - url: http://po-prometheus.monitoring:9090/api/v1/write - {{- if eq $obj.type "minioLocal" "linode" }} storage: trace: diff --git a/values/thanos/thanos.gotmpl b/values/thanos/thanos.gotmpl new file mode 100644 index 0000000000..e9473c15ea --- /dev/null +++ b/values/thanos/thanos.gotmpl @@ -0,0 +1,63 @@ +{{- $v := .Values }} +{{- $t:= $v.apps.thanos }} + +## @section Thanos Query parameters +query: + enabled: true + replicaCount: {{ $t.query.replicaCount }} + service: + additionalHeadless: true + dnsDiscovery: + enabled: true + sidecarsService: prometheus-operated + sidecarsNamespace: monitoring + stores: + {{- range $id, $team := $v.teamConfig }} + {{- if not (eq $id "admin") }} + - "{{ $id }}-po-thanos-discovery.team-{{ $id }}.svc.cluster.local.:10901" + {{- end }} + {{- end }} + resources: {{- $t.resources.query | toYaml | nindent 4 }} + extraFlags: + - "--query.auto-downsampling" + +## @section Thanos Query Frontend parameters +queryFrontend: + enabled: false + +## @section Thanos Compactor parameters +compactor: + enabled: true + ## By default, there is NO retention set for object storage data. This means that data is stored forever, + ## which is a valid and recommended way of running Thanos. + retentionResolutionRaw: {{ $t.compactor.retentionResolutionRaw }} + retentionResolution5m: {{ $t.compactor.retentionResolution5m }} + retentionResolution1h: {{ $t.compactor.retentionResolution1h }} + persistence: + size: {{ $t.persistence.compactor.size }} + resources: {{- $t.resources.compactor | toYaml | nindent 4 }} + +## @section Thanos Store Gateway parameters +storegateway: + enabled: true + persistence: + size: {{ $t.persistence.storegateway.size }} + resources: {{- $t.resources.storegateway | toYaml | nindent 4 }} + +## @section Thanos Receive parameters +receive: + enabled: false + +## @section Thanos receive distributor parameters +receiveDistributor: + enabled: false + +existingObjstoreSecret: thanos-objectstore + +metrics: + enabled: true + serviceMonitor: + enabled: true + namespace: monitoring + labels: + prometheus: system \ No newline at end of file diff --git a/versions.yaml b/versions.yaml index beea6b82fd..5e9171fe4f 100644 --- a/versions.yaml +++ b/versions.yaml @@ -1,4 +1,4 @@ -api: 3.0.0-rc.0 -console: v3.0.0-rc.0 -tasks: 3.2.0 +api: sr-feat-thanos-sidecar +console: sr-feat-thanos-sidecar +tasks: me-feat-monitoring-secrets tools: 2.5.0